8144 lines
2.1 MiB
8144 lines
2.1 MiB
# Title: Online Malicious URL Suricata Ruleset
|
|
# Updated: Wed, 13 Oct 2021 00:10:37 +0000
|
|
# Expires: 1 day (update frequency)
|
|
# Homepage: https://gitlab.com/curben/urlhaus-filter
|
|
# License: https://gitlab.com/curben/urlhaus-filter#license
|
|
# Source: https://urlhaus.abuse.ch/api/
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.0.218.230"; classtype:trojan-activity; sid:100000001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.1.188.23"; classtype:trojan-activity; sid:100000002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.10.146.30"; classtype:trojan-activity; sid:100000003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.10.146.31"; classtype:trojan-activity; sid:100000004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.14.61.188"; classtype:trojan-activity; sid:100000005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.171.12.72"; classtype:trojan-activity; sid:100000006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.222.198.69"; classtype:trojan-activity; sid:100000007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.107"; classtype:trojan-activity; sid:100000008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.109"; classtype:trojan-activity; sid:100000009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.113"; classtype:trojan-activity; sid:100000010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.127"; classtype:trojan-activity; sid:100000011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.13"; classtype:trojan-activity; sid:100000012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.134"; classtype:trojan-activity; sid:100000013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.16"; classtype:trojan-activity; sid:100000014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.2"; classtype:trojan-activity; sid:100000015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.20"; classtype:trojan-activity; sid:100000016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.201"; classtype:trojan-activity; sid:100000017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.213"; classtype:trojan-activity; sid:100000018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.22"; classtype:trojan-activity; sid:100000019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.232"; classtype:trojan-activity; sid:100000020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.234"; classtype:trojan-activity; sid:100000021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.237"; classtype:trojan-activity; sid:100000022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.245"; classtype:trojan-activity; sid:100000023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.249"; classtype:trojan-activity; sid:100000024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.38"; classtype:trojan-activity; sid:100000025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.40"; classtype:trojan-activity; sid:100000026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.41"; classtype:trojan-activity; sid:100000027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.43"; classtype:trojan-activity; sid:100000028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.45"; classtype:trojan-activity; sid:100000029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.49"; classtype:trojan-activity; sid:100000030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.56"; classtype:trojan-activity; sid:100000031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.6"; classtype:trojan-activity; sid:100000032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.63"; classtype:trojan-activity; sid:100000033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.69"; classtype:trojan-activity; sid:100000034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.222.94"; classtype:trojan-activity; sid:100000035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.10"; classtype:trojan-activity; sid:100000036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.103"; classtype:trojan-activity; sid:100000037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.109"; classtype:trojan-activity; sid:100000038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.126"; classtype:trojan-activity; sid:100000039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.130"; classtype:trojan-activity; sid:100000040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.146"; classtype:trojan-activity; sid:100000041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.15"; classtype:trojan-activity; sid:100000042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.151"; classtype:trojan-activity; sid:100000043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.18"; classtype:trojan-activity; sid:100000044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.22"; classtype:trojan-activity; sid:100000045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.223"; classtype:trojan-activity; sid:100000046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.32"; classtype:trojan-activity; sid:100000047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.4"; classtype:trojan-activity; sid:100000048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.48"; classtype:trojan-activity; sid:100000049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.54"; classtype:trojan-activity; sid:100000050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.58"; classtype:trojan-activity; sid:100000051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.59"; classtype:trojan-activity; sid:100000052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.6"; classtype:trojan-activity; sid:100000053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.71"; classtype:trojan-activity; sid:100000054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.246.223.83"; classtype:trojan-activity; sid:100000055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.62.157.123"; classtype:trojan-activity; sid:100000056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1.64.1.13"; classtype:trojan-activity; sid:100000057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"100.12.51.122"; classtype:trojan-activity; sid:100000058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"100.35.47.56"; classtype:trojan-activity; sid:100000059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"100.38.34.189"; classtype:trojan-activity; sid:100000060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.108.128.101"; classtype:trojan-activity; sid:100000061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.108.129.136"; classtype:trojan-activity; sid:100000062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.108.132.253"; classtype:trojan-activity; sid:100000063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.108.133.161"; classtype:trojan-activity; sid:100000064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.108.133.33"; classtype:trojan-activity; sid:100000065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.108.135.249"; classtype:trojan-activity; sid:100000066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.108.135.53"; classtype:trojan-activity; sid:100000067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.16.102.139"; classtype:trojan-activity; sid:100000068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.20.67.13"; classtype:trojan-activity; sid:100000069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.25.45.23"; classtype:trojan-activity; sid:100000070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.255.36.154"; classtype:trojan-activity; sid:100000071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.255.85.58"; classtype:trojan-activity; sid:100000072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.28.162.213"; classtype:trojan-activity; sid:100000073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.28.68.225"; classtype:trojan-activity; sid:100000074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.51.121.206"; classtype:trojan-activity; sid:100000075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.51.129.214"; classtype:trojan-activity; sid:100000076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.65.130.245"; classtype:trojan-activity; sid:100000077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.65.33.223"; classtype:trojan-activity; sid:100000078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.69.118.241"; classtype:trojan-activity; sid:100000079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.72.63.76"; classtype:trojan-activity; sid:100000080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.78.22.102"; classtype:trojan-activity; sid:100000081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"101.99.8.39"; classtype:trojan-activity; sid:100000082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.105.178.44"; classtype:trojan-activity; sid:100000083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.109.82.23"; classtype:trojan-activity; sid:100000084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.118.164.115"; classtype:trojan-activity; sid:100000085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.120.135.232"; classtype:trojan-activity; sid:100000086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.125.163.10"; classtype:trojan-activity; sid:100000087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.125.190.6"; classtype:trojan-activity; sid:100000088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.136.82.50"; classtype:trojan-activity; sid:100000089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.140.251.116"; classtype:trojan-activity; sid:100000090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.155.82.159"; classtype:trojan-activity; sid:100000091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.155.83.184"; classtype:trojan-activity; sid:100000092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.159.133.159"; classtype:trojan-activity; sid:100000093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.16.145.25"; classtype:trojan-activity; sid:100000094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.161.232.135"; classtype:trojan-activity; sid:100000095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.161.232.139"; classtype:trojan-activity; sid:100000096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.161.232.141"; classtype:trojan-activity; sid:100000097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.162.60.19"; classtype:trojan-activity; sid:100000098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.164.200.170"; classtype:trojan-activity; sid:100000099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.167.90.177"; classtype:trojan-activity; sid:100000100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.167.90.69"; classtype:trojan-activity; sid:100000101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.167.93.12"; classtype:trojan-activity; sid:100000102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.171.0.73"; classtype:trojan-activity; sid:100000103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.217.215.21"; classtype:trojan-activity; sid:100000104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.223.13.135"; classtype:trojan-activity; sid:100000105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.224.200.146"; classtype:trojan-activity; sid:100000106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.224.200.40"; classtype:trojan-activity; sid:100000107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.228.253.139"; classtype:trojan-activity; sid:100000108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.230.153.181"; classtype:trojan-activity; sid:100000109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.233.64.140"; classtype:trojan-activity; sid:100000110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.240.249.121"; classtype:trojan-activity; sid:100000111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.244.32.167"; classtype:trojan-activity; sid:100000112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.251.57.23"; classtype:trojan-activity; sid:100000113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.252.128.166"; classtype:trojan-activity; sid:100000114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.4.116.82"; classtype:trojan-activity; sid:100000115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.4.117.26"; classtype:trojan-activity; sid:100000116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.41.30.190"; classtype:trojan-activity; sid:100000117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.45.140.175"; classtype:trojan-activity; sid:100000118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.47.104.238"; classtype:trojan-activity; sid:100000119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.48.184.31"; classtype:trojan-activity; sid:100000120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.48.80.15"; classtype:trojan-activity; sid:100000121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.50.7.126"; classtype:trojan-activity; sid:100000122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.59.58.251"; classtype:trojan-activity; sid:100000123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.60.215.56"; classtype:trojan-activity; sid:100000124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.70.5.247"; classtype:trojan-activity; sid:100000125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.80.116.88"; classtype:trojan-activity; sid:100000126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.82.145.136"; classtype:trojan-activity; sid:100000127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.90.205.87"; classtype:trojan-activity; sid:100000128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.91.245.3"; classtype:trojan-activity; sid:100000129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.91.245.40"; classtype:trojan-activity; sid:100000130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.91.245.48"; classtype:trojan-activity; sid:100000131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.92.25.90"; classtype:trojan-activity; sid:100000132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.92.25.95"; classtype:trojan-activity; sid:100000133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.168.52.103"; classtype:trojan-activity; sid:100000134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.184.75.123"; classtype:trojan-activity; sid:100000135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.189.92.253"; classtype:trojan-activity; sid:100000136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.233.207.172"; classtype:trojan-activity; sid:100000137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.237.202.4"; classtype:trojan-activity; sid:100000138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.244.77.57"; classtype:trojan-activity; sid:100000139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.6.77.65"; classtype:trojan-activity; sid:100000140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.1.129.240"; classtype:trojan-activity; sid:100000141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.1.184.222"; classtype:trojan-activity; sid:100000142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.1.189.152"; classtype:trojan-activity; sid:100000143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.1.20.15"; classtype:trojan-activity; sid:100000144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.104.175.140"; classtype:trojan-activity; sid:100000145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.104.193.155"; classtype:trojan-activity; sid:100000146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.105.207.155"; classtype:trojan-activity; sid:100000147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.105.210.25"; classtype:trojan-activity; sid:100000148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.105.218.6"; classtype:trojan-activity; sid:100000149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.110.15.79"; classtype:trojan-activity; sid:100000150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.111.50.54"; classtype:trojan-activity; sid:100000151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.113.185.50"; classtype:trojan-activity; sid:100000152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.115.175.81"; classtype:trojan-activity; sid:100000153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.120.14.124"; classtype:trojan-activity; sid:100000154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.123.62.226"; classtype:trojan-activity; sid:100000155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.127.178.14"; classtype:trojan-activity; sid:100000156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.247.101.230"; classtype:trojan-activity; sid:100000157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.5.171.90"; classtype:trojan-activity; sid:100000158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.52.168.175"; classtype:trojan-activity; sid:100000159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.85.79.66"; classtype:trojan-activity; sid:100000160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.86.175.201"; classtype:trojan-activity; sid:100000161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.91.253.17"; classtype:trojan-activity; sid:100000162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"106.91.4.90"; classtype:trojan-activity; sid:100000163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.13.39.147"; classtype:trojan-activity; sid:100000164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.142.171.93"; classtype:trojan-activity; sid:100000165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.0.199"; classtype:trojan-activity; sid:100000166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.13.131"; classtype:trojan-activity; sid:100000167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.13.137"; classtype:trojan-activity; sid:100000168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.137.175"; classtype:trojan-activity; sid:100000169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.141.135"; classtype:trojan-activity; sid:100000170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.156.132"; classtype:trojan-activity; sid:100000171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.214.23"; classtype:trojan-activity; sid:100000172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.248.140"; classtype:trojan-activity; sid:100000173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.30.215"; classtype:trojan-activity; sid:100000174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.73.191"; classtype:trojan-activity; sid:100000175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.83.130"; classtype:trojan-activity; sid:100000176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.93.32"; classtype:trojan-activity; sid:100000177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.173.219.122"; classtype:trojan-activity; sid:100000178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.174.35.229"; classtype:trojan-activity; sid:100000179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.174.46.89"; classtype:trojan-activity; sid:100000180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.175.215.195"; classtype:trojan-activity; sid:100000181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.184.67.94"; classtype:trojan-activity; sid:100000182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.189.1.185"; classtype:trojan-activity; sid:100000183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.189.31.173"; classtype:trojan-activity; sid:100000184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.189.4.115"; classtype:trojan-activity; sid:100000185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.194.242.170"; classtype:trojan-activity; sid:100000186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.220.119.25"; classtype:trojan-activity; sid:100000187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"108.190.201.37"; classtype:trojan-activity; sid:100000188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"108.190.250.48"; classtype:trojan-activity; sid:100000189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"108.20.203.32"; classtype:trojan-activity; sid:100000190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"108.214.49.232"; classtype:trojan-activity; sid:100000191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"108.239.155.26"; classtype:trojan-activity; sid:100000192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"108.27.217.242"; classtype:trojan-activity; sid:100000193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"108.58.113.114"; classtype:trojan-activity; sid:100000194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.124.90.229"; classtype:trojan-activity; sid:100000195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.207.102.6"; classtype:trojan-activity; sid:100000196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.235.7.228"; classtype:trojan-activity; sid:100000197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.86.85.253"; classtype:trojan-activity; sid:100000198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.87.198.17"; classtype:trojan-activity; sid:100000199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.92.26.48"; classtype:trojan-activity; sid:100000200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.95.200.102"; classtype:trojan-activity; sid:100000201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.95.200.230"; classtype:trojan-activity; sid:100000202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.96.127.90"; classtype:trojan-activity; sid:100000203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109.99.37.97"; classtype:trojan-activity; sid:100000204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.14.58.190"; classtype:trojan-activity; sid:100000205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.172.144.113"; classtype:trojan-activity; sid:100000206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.172.144.114"; classtype:trojan-activity; sid:100000207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.174.123.230"; classtype:trojan-activity; sid:100000208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.180.153.127"; classtype:trojan-activity; sid:100000209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.187.228.243"; classtype:trojan-activity; sid:100000210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.228.97.191"; classtype:trojan-activity; sid:100000211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.240.117.153"; classtype:trojan-activity; sid:100000212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.240.192.20"; classtype:trojan-activity; sid:100000213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.241.119.159"; classtype:trojan-activity; sid:100000214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.246.1.48"; classtype:trojan-activity; sid:100000215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.247.19.224"; classtype:trojan-activity; sid:100000216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.248.131.217"; classtype:trojan-activity; sid:100000217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.253.133.227"; classtype:trojan-activity; sid:100000218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.253.176.116"; classtype:trojan-activity; sid:100000219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.253.206.84"; classtype:trojan-activity; sid:100000220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.253.40.157"; classtype:trojan-activity; sid:100000221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.253.70.12"; classtype:trojan-activity; sid:100000222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.255.40.100"; classtype:trojan-activity; sid:100000223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.255.99.98"; classtype:trojan-activity; sid:100000224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.35.172.40"; classtype:trojan-activity; sid:100000225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.35.227.222"; classtype:trojan-activity; sid:100000226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.35.233.129"; classtype:trojan-activity; sid:100000227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.35.233.143"; classtype:trojan-activity; sid:100000228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.35.234.28"; classtype:trojan-activity; sid:100000229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.82.139.39"; classtype:trojan-activity; sid:100000230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.82.167.28"; classtype:trojan-activity; sid:100000231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.85.90.50"; classtype:trojan-activity; sid:100000232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.89.11.37"; classtype:trojan-activity; sid:100000233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"110.89.11.89"; classtype:trojan-activity; sid:100000234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.118.118.115"; classtype:trojan-activity; sid:100000235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.118.118.162"; classtype:trojan-activity; sid:100000236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.118.45.193"; classtype:trojan-activity; sid:100000237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.119.245.114"; classtype:trojan-activity; sid:100000238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.162.148.61"; classtype:trojan-activity; sid:100000239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.162.96.57"; classtype:trojan-activity; sid:100000240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.164.192.166"; classtype:trojan-activity; sid:100000241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.165.222.30"; classtype:trojan-activity; sid:100000242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.165.40.94"; classtype:trojan-activity; sid:100000243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.166.84.91"; classtype:trojan-activity; sid:100000244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.167.144.138"; classtype:trojan-activity; sid:100000245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.167.172.79"; classtype:trojan-activity; sid:100000246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.170.122.184"; classtype:trojan-activity; sid:100000247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.172.81.34"; classtype:trojan-activity; sid:100000248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.174.255.161"; classtype:trojan-activity; sid:100000249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.179.191.189"; classtype:trojan-activity; sid:100000250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.179.228.20"; classtype:trojan-activity; sid:100000251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.179.235.211"; classtype:trojan-activity; sid:100000252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.179.41.103"; classtype:trojan-activity; sid:100000253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.179.61.120"; classtype:trojan-activity; sid:100000254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.182.239.10"; classtype:trojan-activity; sid:100000255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.116.44"; classtype:trojan-activity; sid:100000256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.120.27"; classtype:trojan-activity; sid:100000257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.120.54"; classtype:trojan-activity; sid:100000258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.126.113"; classtype:trojan-activity; sid:100000259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.165.26"; classtype:trojan-activity; sid:100000260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.174.72"; classtype:trojan-activity; sid:100000261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.23.84"; classtype:trojan-activity; sid:100000262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.230.136"; classtype:trojan-activity; sid:100000263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.240.4"; classtype:trojan-activity; sid:100000264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.185.27.9"; classtype:trojan-activity; sid:100000265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.224.199.91"; classtype:trojan-activity; sid:100000266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.225.123.126"; classtype:trojan-activity; sid:100000267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.225.90.162"; classtype:trojan-activity; sid:100000268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.235.228.251"; classtype:trojan-activity; sid:100000269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.103.114"; classtype:trojan-activity; sid:100000270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.106.128"; classtype:trojan-activity; sid:100000271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.123.15"; classtype:trojan-activity; sid:100000272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.123.18"; classtype:trojan-activity; sid:100000273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.123.184"; classtype:trojan-activity; sid:100000274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.123.197"; classtype:trojan-activity; sid:100000275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.123.23"; classtype:trojan-activity; sid:100000276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.17.179"; classtype:trojan-activity; sid:100000277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.26.189"; classtype:trojan-activity; sid:100000278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.38.9.114"; classtype:trojan-activity; sid:100000279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.53.99.147"; classtype:trojan-activity; sid:100000280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.90.191.25"; classtype:trojan-activity; sid:100000281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.90.191.7"; classtype:trojan-activity; sid:100000282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"111.91.162.171"; classtype:trojan-activity; sid:100000283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.104.189.53"; classtype:trojan-activity; sid:100000284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.122.83.106"; classtype:trojan-activity; sid:100000285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.123.156.4"; classtype:trojan-activity; sid:100000286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.132.144.38"; classtype:trojan-activity; sid:100000287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.133.196.132"; classtype:trojan-activity; sid:100000288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.133.222.151"; classtype:trojan-activity; sid:100000289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.147.86.240"; classtype:trojan-activity; sid:100000290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.147.92.51"; classtype:trojan-activity; sid:100000291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.163.126.29"; classtype:trojan-activity; sid:100000292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.164.143.240"; classtype:trojan-activity; sid:100000293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.167.165.139"; classtype:trojan-activity; sid:100000294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.185.189.30"; classtype:trojan-activity; sid:100000295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.186.210.211"; classtype:trojan-activity; sid:100000296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.186.221.107"; classtype:trojan-activity; sid:100000297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.186.96.252"; classtype:trojan-activity; sid:100000298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.187.249.34"; classtype:trojan-activity; sid:100000299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.187.91.117"; classtype:trojan-activity; sid:100000300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.220.89.114"; classtype:trojan-activity; sid:100000301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.225.124.66"; classtype:trojan-activity; sid:100000302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.225.46.204"; classtype:trojan-activity; sid:100000303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.225.88.49"; classtype:trojan-activity; sid:100000304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.225.95.89"; classtype:trojan-activity; sid:100000305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.226.10.181"; classtype:trojan-activity; sid:100000306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.226.192.4"; classtype:trojan-activity; sid:100000307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.226.232.81"; classtype:trojan-activity; sid:100000308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.226.40.56"; classtype:trojan-activity; sid:100000309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.226.56.243"; classtype:trojan-activity; sid:100000310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.229.184.197"; classtype:trojan-activity; sid:100000311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.229.192.127"; classtype:trojan-activity; sid:100000312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.230.251.85"; classtype:trojan-activity; sid:100000313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.233.105.40"; classtype:trojan-activity; sid:100000314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.233.222.160"; classtype:trojan-activity; sid:100000315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.233.58.55"; classtype:trojan-activity; sid:100000316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.122.169"; classtype:trojan-activity; sid:100000317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.192.31"; classtype:trojan-activity; sid:100000318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.220.109"; classtype:trojan-activity; sid:100000319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.220.151"; classtype:trojan-activity; sid:100000320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.222.211"; classtype:trojan-activity; sid:100000321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.25.114"; classtype:trojan-activity; sid:100000322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.37.157"; classtype:trojan-activity; sid:100000323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.39.172"; classtype:trojan-activity; sid:100000324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.234.79.6"; classtype:trojan-activity; sid:100000325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.235.148.130"; classtype:trojan-activity; sid:100000326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.235.166.198"; classtype:trojan-activity; sid:100000327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.235.246.167"; classtype:trojan-activity; sid:100000328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.235.30.51"; classtype:trojan-activity; sid:100000329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.235.46.128"; classtype:trojan-activity; sid:100000330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.235.63.23"; classtype:trojan-activity; sid:100000331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.235.90.160"; classtype:trojan-activity; sid:100000332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.236.251.63"; classtype:trojan-activity; sid:100000333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.236.36.168"; classtype:trojan-activity; sid:100000334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.171.214"; classtype:trojan-activity; sid:100000335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.209.204"; classtype:trojan-activity; sid:100000336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.216.102"; classtype:trojan-activity; sid:100000337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.36.186"; classtype:trojan-activity; sid:100000338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.4.225"; classtype:trojan-activity; sid:100000339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.41.38"; classtype:trojan-activity; sid:100000340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.47.27"; classtype:trojan-activity; sid:100000341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.62.53"; classtype:trojan-activity; sid:100000342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.64.126"; classtype:trojan-activity; sid:100000343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.237.93.122"; classtype:trojan-activity; sid:100000344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.13.244"; classtype:trojan-activity; sid:100000345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.14.70"; classtype:trojan-activity; sid:100000346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.161.129"; classtype:trojan-activity; sid:100000347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.161.34"; classtype:trojan-activity; sid:100000348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.172.175"; classtype:trojan-activity; sid:100000349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.172.29"; classtype:trojan-activity; sid:100000350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.174.115"; classtype:trojan-activity; sid:100000351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.18.236"; classtype:trojan-activity; sid:100000352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.190.255"; classtype:trojan-activity; sid:100000353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.38.1"; classtype:trojan-activity; sid:100000354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.238.77.187"; classtype:trojan-activity; sid:100000355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.100.163"; classtype:trojan-activity; sid:100000356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.100.3"; classtype:trojan-activity; sid:100000357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.100.89"; classtype:trojan-activity; sid:100000358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.102.163"; classtype:trojan-activity; sid:100000359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.103.112"; classtype:trojan-activity; sid:100000360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.103.188"; classtype:trojan-activity; sid:100000361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.103.213"; classtype:trojan-activity; sid:100000362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.103.23"; classtype:trojan-activity; sid:100000363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.103.247"; classtype:trojan-activity; sid:100000364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.103.43"; classtype:trojan-activity; sid:100000365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.121.67"; classtype:trojan-activity; sid:100000366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.122.166"; classtype:trojan-activity; sid:100000367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.122.179"; classtype:trojan-activity; sid:100000368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.123.205"; classtype:trojan-activity; sid:100000369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.127.23"; classtype:trojan-activity; sid:100000370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.21.41"; classtype:trojan-activity; sid:100000371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.23.71"; classtype:trojan-activity; sid:100000372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.96.164"; classtype:trojan-activity; sid:100000373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.98.112"; classtype:trojan-activity; sid:100000374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.239.99.6"; classtype:trojan-activity; sid:100000375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.240.146.110"; classtype:trojan-activity; sid:100000376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.240.149.227"; classtype:trojan-activity; sid:100000377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.240.164.25"; classtype:trojan-activity; sid:100000378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.240.236.206"; classtype:trojan-activity; sid:100000379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.241.102.18"; classtype:trojan-activity; sid:100000380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.241.210.131"; classtype:trojan-activity; sid:100000381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.242.229.19"; classtype:trojan-activity; sid:100000382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.242.34.49"; classtype:trojan-activity; sid:100000383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.243.43.17"; classtype:trojan-activity; sid:100000384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.245.102.142"; classtype:trojan-activity; sid:100000385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.245.151.9"; classtype:trojan-activity; sid:100000386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.245.177.1"; classtype:trojan-activity; sid:100000387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.245.211.210"; classtype:trojan-activity; sid:100000388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.245.228.70"; classtype:trojan-activity; sid:100000389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.245.254.76"; classtype:trojan-activity; sid:100000390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.245.51.48"; classtype:trojan-activity; sid:100000391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.133.100"; classtype:trojan-activity; sid:100000392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.160.199"; classtype:trojan-activity; sid:100000393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.166.253"; classtype:trojan-activity; sid:100000394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.177.221"; classtype:trojan-activity; sid:100000395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.180.31"; classtype:trojan-activity; sid:100000396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.21.56"; classtype:trojan-activity; sid:100000397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.228.250"; classtype:trojan-activity; sid:100000398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.23.127"; classtype:trojan-activity; sid:100000399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.250.82"; classtype:trojan-activity; sid:100000400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.51.28"; classtype:trojan-activity; sid:100000401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.54.87"; classtype:trojan-activity; sid:100000402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.246.59.9"; classtype:trojan-activity; sid:100000403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.247.165.122"; classtype:trojan-activity; sid:100000404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.247.210.45"; classtype:trojan-activity; sid:100000405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.247.215.142"; classtype:trojan-activity; sid:100000406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.247.219.48"; classtype:trojan-activity; sid:100000407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.247.22.22"; classtype:trojan-activity; sid:100000408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.247.231.203"; classtype:trojan-activity; sid:100000409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.247.70.191"; classtype:trojan-activity; sid:100000410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.100.192"; classtype:trojan-activity; sid:100000411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.101.208"; classtype:trojan-activity; sid:100000412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.103.66"; classtype:trojan-activity; sid:100000413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.104.166"; classtype:trojan-activity; sid:100000414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.105.64"; classtype:trojan-activity; sid:100000415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.106.133"; classtype:trojan-activity; sid:100000416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.106.179"; classtype:trojan-activity; sid:100000417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.106.216"; classtype:trojan-activity; sid:100000418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.109.202"; classtype:trojan-activity; sid:100000419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.109.243"; classtype:trojan-activity; sid:100000420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.109.54"; classtype:trojan-activity; sid:100000421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.110.48"; classtype:trojan-activity; sid:100000422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.111.200"; classtype:trojan-activity; sid:100000423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.111.83"; classtype:trojan-activity; sid:100000424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.113.193"; classtype:trojan-activity; sid:100000425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.113.67"; classtype:trojan-activity; sid:100000426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.115.230"; classtype:trojan-activity; sid:100000427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.115.77"; classtype:trojan-activity; sid:100000428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.119.247"; classtype:trojan-activity; sid:100000429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.124.19"; classtype:trojan-activity; sid:100000430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.125.66"; classtype:trojan-activity; sid:100000431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.134.198"; classtype:trojan-activity; sid:100000432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.140.249"; classtype:trojan-activity; sid:100000433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.141.27"; classtype:trojan-activity; sid:100000434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.142.61"; classtype:trojan-activity; sid:100000435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.154.241"; classtype:trojan-activity; sid:100000436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.185.196"; classtype:trojan-activity; sid:100000437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.188.145"; classtype:trojan-activity; sid:100000438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.189.225"; classtype:trojan-activity; sid:100000439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.189.38"; classtype:trojan-activity; sid:100000440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.190.144"; classtype:trojan-activity; sid:100000441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.2.13"; classtype:trojan-activity; sid:100000442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.227.3"; classtype:trojan-activity; sid:100000443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.245.161"; classtype:trojan-activity; sid:100000444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.247.217"; classtype:trojan-activity; sid:100000445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.60.192"; classtype:trojan-activity; sid:100000446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.61.30"; classtype:trojan-activity; sid:100000447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.62.129"; classtype:trojan-activity; sid:100000448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.63.71"; classtype:trojan-activity; sid:100000449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.80.15"; classtype:trojan-activity; sid:100000450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.81.157"; classtype:trojan-activity; sid:100000451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.82.21"; classtype:trojan-activity; sid:100000452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.248.83.48"; classtype:trojan-activity; sid:100000453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.103.252"; classtype:trojan-activity; sid:100000454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.110.209"; classtype:trojan-activity; sid:100000455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.113.80"; classtype:trojan-activity; sid:100000456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.132.113"; classtype:trojan-activity; sid:100000457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.177.76"; classtype:trojan-activity; sid:100000458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.188.115"; classtype:trojan-activity; sid:100000459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.191.185"; classtype:trojan-activity; sid:100000460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.217.194"; classtype:trojan-activity; sid:100000461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.249.232.245"; classtype:trojan-activity; sid:100000462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.250.142.221"; classtype:trojan-activity; sid:100000463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.250.20.208"; classtype:trojan-activity; sid:100000464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.250.243.72"; classtype:trojan-activity; sid:100000465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.250.98.156"; classtype:trojan-activity; sid:100000466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.251.18.12"; classtype:trojan-activity; sid:100000467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.251.223.102"; classtype:trojan-activity; sid:100000468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.251.23.146"; classtype:trojan-activity; sid:100000469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.251.254.217"; classtype:trojan-activity; sid:100000470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.251.43.10"; classtype:trojan-activity; sid:100000471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.252.119.200"; classtype:trojan-activity; sid:100000472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.252.138.1"; classtype:trojan-activity; sid:100000473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.252.198.19"; classtype:trojan-activity; sid:100000474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.252.51.229"; classtype:trojan-activity; sid:100000475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.252.94.255"; classtype:trojan-activity; sid:100000476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.253.11.38"; classtype:trojan-activity; sid:100000477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.254.195.115"; classtype:trojan-activity; sid:100000478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.255.107.16"; classtype:trojan-activity; sid:100000479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.255.148.255"; classtype:trojan-activity; sid:100000480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.255.178.53"; classtype:trojan-activity; sid:100000481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.255.213.84"; classtype:trojan-activity; sid:100000482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.255.86.207"; classtype:trojan-activity; sid:100000483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.26.161.238"; classtype:trojan-activity; sid:100000484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.123.173"; classtype:trojan-activity; sid:100000485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.108"; classtype:trojan-activity; sid:100000486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.109"; classtype:trojan-activity; sid:100000487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.110"; classtype:trojan-activity; sid:100000488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.111"; classtype:trojan-activity; sid:100000489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.112"; classtype:trojan-activity; sid:100000490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.113"; classtype:trojan-activity; sid:100000491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.114"; classtype:trojan-activity; sid:100000492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.115"; classtype:trojan-activity; sid:100000493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.116"; classtype:trojan-activity; sid:100000494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.117"; classtype:trojan-activity; sid:100000495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.118"; classtype:trojan-activity; sid:100000496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.119"; classtype:trojan-activity; sid:100000497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.121"; classtype:trojan-activity; sid:100000498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.122"; classtype:trojan-activity; sid:100000499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.125"; classtype:trojan-activity; sid:100000500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.127"; classtype:trojan-activity; sid:100000501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.128"; classtype:trojan-activity; sid:100000502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.130"; classtype:trojan-activity; sid:100000503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.132"; classtype:trojan-activity; sid:100000504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.133"; classtype:trojan-activity; sid:100000505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.134"; classtype:trojan-activity; sid:100000506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.136"; classtype:trojan-activity; sid:100000507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.138"; classtype:trojan-activity; sid:100000508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.139"; classtype:trojan-activity; sid:100000509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.140"; classtype:trojan-activity; sid:100000510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.142"; classtype:trojan-activity; sid:100000511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.144"; classtype:trojan-activity; sid:100000512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.145"; classtype:trojan-activity; sid:100000513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.146"; classtype:trojan-activity; sid:100000514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.147"; classtype:trojan-activity; sid:100000515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.149"; classtype:trojan-activity; sid:100000516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.150"; classtype:trojan-activity; sid:100000517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.151"; classtype:trojan-activity; sid:100000518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.153"; classtype:trojan-activity; sid:100000519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.155"; classtype:trojan-activity; sid:100000520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.158"; classtype:trojan-activity; sid:100000521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.160"; classtype:trojan-activity; sid:100000522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.162"; classtype:trojan-activity; sid:100000523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.163"; classtype:trojan-activity; sid:100000524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.165"; classtype:trojan-activity; sid:100000525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.168"; classtype:trojan-activity; sid:100000526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.171"; classtype:trojan-activity; sid:100000527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.172"; classtype:trojan-activity; sid:100000528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.173"; classtype:trojan-activity; sid:100000529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.175"; classtype:trojan-activity; sid:100000530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.176"; classtype:trojan-activity; sid:100000531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.177"; classtype:trojan-activity; sid:100000532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.124.178"; classtype:trojan-activity; sid:100000533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.127.155"; classtype:trojan-activity; sid:100000534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.80.120"; classtype:trojan-activity; sid:100000535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.83.182"; classtype:trojan-activity; sid:100000536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.87.130"; classtype:trojan-activity; sid:100000537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.27.87.203"; classtype:trojan-activity; sid:100000538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.119"; classtype:trojan-activity; sid:100000539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.133"; classtype:trojan-activity; sid:100000540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.149"; classtype:trojan-activity; sid:100000541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.150"; classtype:trojan-activity; sid:100000542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.152"; classtype:trojan-activity; sid:100000543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.155"; classtype:trojan-activity; sid:100000544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.157"; classtype:trojan-activity; sid:100000545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.159"; classtype:trojan-activity; sid:100000546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.163"; classtype:trojan-activity; sid:100000547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.178"; classtype:trojan-activity; sid:100000548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.181"; classtype:trojan-activity; sid:100000549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.182"; classtype:trojan-activity; sid:100000550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.190"; classtype:trojan-activity; sid:100000551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.211"; classtype:trojan-activity; sid:100000552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.230"; classtype:trojan-activity; sid:100000553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.245"; classtype:trojan-activity; sid:100000554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.247"; classtype:trojan-activity; sid:100000555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.54"; classtype:trojan-activity; sid:100000556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.1.90"; classtype:trojan-activity; sid:100000557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.27"; classtype:trojan-activity; sid:100000558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.30"; classtype:trojan-activity; sid:100000559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.31"; classtype:trojan-activity; sid:100000560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.33"; classtype:trojan-activity; sid:100000561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.37"; classtype:trojan-activity; sid:100000562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.41"; classtype:trojan-activity; sid:100000563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.42"; classtype:trojan-activity; sid:100000564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.45"; classtype:trojan-activity; sid:100000565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.48"; classtype:trojan-activity; sid:100000566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.52"; classtype:trojan-activity; sid:100000567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.57"; classtype:trojan-activity; sid:100000568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.58"; classtype:trojan-activity; sid:100000569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.110.62"; classtype:trojan-activity; sid:100000570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.35.237"; classtype:trojan-activity; sid:100000571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.37.188"; classtype:trojan-activity; sid:100000572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.37.79"; classtype:trojan-activity; sid:100000573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.38.19"; classtype:trojan-activity; sid:100000574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.4.119"; classtype:trojan-activity; sid:100000575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.4.124"; classtype:trojan-activity; sid:100000576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.4.172"; classtype:trojan-activity; sid:100000577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.4.52"; classtype:trojan-activity; sid:100000578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.30.4.61"; classtype:trojan-activity; sid:100000579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.0.113"; classtype:trojan-activity; sid:100000580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.0.118"; classtype:trojan-activity; sid:100000581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.0.212"; classtype:trojan-activity; sid:100000582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.211.135"; classtype:trojan-activity; sid:100000583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.67.142"; classtype:trojan-activity; sid:100000584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.8.172"; classtype:trojan-activity; sid:100000585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.8.191"; classtype:trojan-activity; sid:100000586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.31.8.192"; classtype:trojan-activity; sid:100000587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.72.153.37"; classtype:trojan-activity; sid:100000588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.72.162.159"; classtype:trojan-activity; sid:100000589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.78.45.158"; classtype:trojan-activity; sid:100000590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.80.116.65"; classtype:trojan-activity; sid:100000591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.80.117.42"; classtype:trojan-activity; sid:100000592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.80.71.93"; classtype:trojan-activity; sid:100000593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.81.233.166"; classtype:trojan-activity; sid:100000594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.81.5.111"; classtype:trojan-activity; sid:100000595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.82.139.58"; classtype:trojan-activity; sid:100000596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.82.163.88"; classtype:trojan-activity; sid:100000597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.82.173.169"; classtype:trojan-activity; sid:100000598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.83.28.24"; classtype:trojan-activity; sid:100000599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.83.56.48"; classtype:trojan-activity; sid:100000600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.85.211.60"; classtype:trojan-activity; sid:100000601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.85.244.65"; classtype:trojan-activity; sid:100000602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.86.255.100"; classtype:trojan-activity; sid:100000603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.87.180.132"; classtype:trojan-activity; sid:100000604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.93.15.44"; classtype:trojan-activity; sid:100000605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.95.81.203"; classtype:trojan-activity; sid:100000606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.95.81.30"; classtype:trojan-activity; sid:100000607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.95.82.242"; classtype:trojan-activity; sid:100000608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.95.85.101"; classtype:trojan-activity; sid:100000609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.95.92.9"; classtype:trojan-activity; sid:100000610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112.95.95.190"; classtype:trojan-activity; sid:100000611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.101.246.215"; classtype:trojan-activity; sid:100000612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.102.130.95"; classtype:trojan-activity; sid:100000613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.102.131.223"; classtype:trojan-activity; sid:100000614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.102.81.187"; classtype:trojan-activity; sid:100000615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.104.186.174"; classtype:trojan-activity; sid:100000616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.11.95.254"; classtype:trojan-activity; sid:100000617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.110.165.99"; classtype:trojan-activity; sid:100000618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.110.197.40"; classtype:trojan-activity; sid:100000619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.110.203.141"; classtype:trojan-activity; sid:100000620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.110.242.100"; classtype:trojan-activity; sid:100000621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.104.136"; classtype:trojan-activity; sid:100000622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.129.227"; classtype:trojan-activity; sid:100000623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.150.91"; classtype:trojan-activity; sid:100000624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.153.36"; classtype:trojan-activity; sid:100000625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.170.148"; classtype:trojan-activity; sid:100000626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.218.66"; classtype:trojan-activity; sid:100000627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.219.36"; classtype:trojan-activity; sid:100000628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.245.130"; classtype:trojan-activity; sid:100000629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.4.233"; classtype:trojan-activity; sid:100000630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.40.76"; classtype:trojan-activity; sid:100000631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.51.13"; classtype:trojan-activity; sid:100000632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.89.114"; classtype:trojan-activity; sid:100000633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.89.122"; classtype:trojan-activity; sid:100000634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.116.91.128"; classtype:trojan-activity; sid:100000635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.118.13.144"; classtype:trojan-activity; sid:100000636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.118.13.175"; classtype:trojan-activity; sid:100000637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.118.14.88"; classtype:trojan-activity; sid:100000638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.118.15.225"; classtype:trojan-activity; sid:100000639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.118.85.131"; classtype:trojan-activity; sid:100000640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.123.65.245"; classtype:trojan-activity; sid:100000641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.133.230.23"; classtype:trojan-activity; sid:100000642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.161.208.9"; classtype:trojan-activity; sid:100000643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.161.58.249"; classtype:trojan-activity; sid:100000644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.161.85.21"; classtype:trojan-activity; sid:100000645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.163.35.203"; classtype:trojan-activity; sid:100000646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.170.167.45"; classtype:trojan-activity; sid:100000647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.172.29.19"; classtype:trojan-activity; sid:100000648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.174.143.83"; classtype:trojan-activity; sid:100000649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.178.138.52"; classtype:trojan-activity; sid:100000650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.188.115.39"; classtype:trojan-activity; sid:100000651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.194.134.121"; classtype:trojan-activity; sid:100000652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.194.136.164"; classtype:trojan-activity; sid:100000653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.194.141.175"; classtype:trojan-activity; sid:100000654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.194.143.101"; classtype:trojan-activity; sid:100000655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.195.163.206"; classtype:trojan-activity; sid:100000656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.195.164.122"; classtype:trojan-activity; sid:100000657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.195.166.111"; classtype:trojan-activity; sid:100000658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.195.166.146"; classtype:trojan-activity; sid:100000659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.201.219.187"; classtype:trojan-activity; sid:100000660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.218.216.89"; classtype:trojan-activity; sid:100000661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.225.133.149"; classtype:trojan-activity; sid:100000662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.225.139.228"; classtype:trojan-activity; sid:100000663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.225.30.179"; classtype:trojan-activity; sid:100000664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.225.46.78"; classtype:trojan-activity; sid:100000665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.226.44.133"; classtype:trojan-activity; sid:100000666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.227.174.154"; classtype:trojan-activity; sid:100000667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.227.212.198"; classtype:trojan-activity; sid:100000668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.227.55.220"; classtype:trojan-activity; sid:100000669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.228.57.88"; classtype:trojan-activity; sid:100000670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.229.25.99"; classtype:trojan-activity; sid:100000671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.23.72.152"; classtype:trojan-activity; sid:100000672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.231.197.241"; classtype:trojan-activity; sid:100000673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.232.17.13"; classtype:trojan-activity; sid:100000674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.232.234.56"; classtype:trojan-activity; sid:100000675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.232.51.8"; classtype:trojan-activity; sid:100000676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.233.207.212"; classtype:trojan-activity; sid:100000677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.234.15.197"; classtype:trojan-activity; sid:100000678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.234.183.138"; classtype:trojan-activity; sid:100000679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.234.201.44"; classtype:trojan-activity; sid:100000680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.235.117.114"; classtype:trojan-activity; sid:100000681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.235.117.136"; classtype:trojan-activity; sid:100000682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.235.117.75"; classtype:trojan-activity; sid:100000683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.235.203.250"; classtype:trojan-activity; sid:100000684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.235.224.200"; classtype:trojan-activity; sid:100000685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.238.67.23"; classtype:trojan-activity; sid:100000686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.240.30.175"; classtype:trojan-activity; sid:100000687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.245.185.5"; classtype:trojan-activity; sid:100000688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.245.191.1"; classtype:trojan-activity; sid:100000689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.246.129.79"; classtype:trojan-activity; sid:100000690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.246.131.187"; classtype:trojan-activity; sid:100000691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.246.133.24"; classtype:trojan-activity; sid:100000692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.251.235.19"; classtype:trojan-activity; sid:100000693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.3.159.85"; classtype:trojan-activity; sid:100000694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.4.70.253"; classtype:trojan-activity; sid:100000695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.53.228.47"; classtype:trojan-activity; sid:100000696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.56.148.94"; classtype:trojan-activity; sid:100000697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.56.89.147"; classtype:trojan-activity; sid:100000698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.59.187.154"; classtype:trojan-activity; sid:100000699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.8.204.237"; classtype:trojan-activity; sid:100000700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.81.232.241"; classtype:trojan-activity; sid:100000701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.87.186.64"; classtype:trojan-activity; sid:100000702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.87.194.41"; classtype:trojan-activity; sid:100000703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.87.194.80"; classtype:trojan-activity; sid:100000704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.87.249.189"; classtype:trojan-activity; sid:100000705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.87.90.207"; classtype:trojan-activity; sid:100000706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.87.97.63"; classtype:trojan-activity; sid:100000707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.103.216"; classtype:trojan-activity; sid:100000708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.116.215"; classtype:trojan-activity; sid:100000709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.209.225"; classtype:trojan-activity; sid:100000710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.211.225"; classtype:trojan-activity; sid:100000711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.211.80"; classtype:trojan-activity; sid:100000712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.240.168"; classtype:trojan-activity; sid:100000713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.241.23"; classtype:trojan-activity; sid:100000714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.28.70"; classtype:trojan-activity; sid:100000715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.65.108"; classtype:trojan-activity; sid:100000716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.88.86.238"; classtype:trojan-activity; sid:100000717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.89.103.82"; classtype:trojan-activity; sid:100000718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.89.40.226"; classtype:trojan-activity; sid:100000719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.89.42.225"; classtype:trojan-activity; sid:100000720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.9.81.159"; classtype:trojan-activity; sid:100000721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.160.155"; classtype:trojan-activity; sid:100000722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.162.108"; classtype:trojan-activity; sid:100000723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.176.211"; classtype:trojan-activity; sid:100000724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.176.66"; classtype:trojan-activity; sid:100000725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.178.196"; classtype:trojan-activity; sid:100000726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.178.228"; classtype:trojan-activity; sid:100000727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.178.38"; classtype:trojan-activity; sid:100000728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.179.208"; classtype:trojan-activity; sid:100000729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.186.55"; classtype:trojan-activity; sid:100000730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.191.67"; classtype:trojan-activity; sid:100000731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.221.206"; classtype:trojan-activity; sid:100000732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.224.152"; classtype:trojan-activity; sid:100000733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.226.26"; classtype:trojan-activity; sid:100000734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.227.108"; classtype:trojan-activity; sid:100000735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.238.237"; classtype:trojan-activity; sid:100000736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.24.207"; classtype:trojan-activity; sid:100000737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.90.246.124"; classtype:trojan-activity; sid:100000738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.91.160.25"; classtype:trojan-activity; sid:100000739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.98.59.219"; classtype:trojan-activity; sid:100000740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.149.175.163"; classtype:trojan-activity; sid:100000741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.199.219.95"; classtype:trojan-activity; sid:100000742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.221.71.151"; classtype:trojan-activity; sid:100000743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.224.76.182"; classtype:trojan-activity; sid:100000744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.225.229.149"; classtype:trojan-activity; sid:100000745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.225.47.235"; classtype:trojan-activity; sid:100000746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.226.119.139"; classtype:trojan-activity; sid:100000747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.226.196.167"; classtype:trojan-activity; sid:100000748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.227.112.201"; classtype:trojan-activity; sid:100000749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.227.131.240"; classtype:trojan-activity; sid:100000750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.227.143.9"; classtype:trojan-activity; sid:100000751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.227.150.240"; classtype:trojan-activity; sid:100000752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.228.155.182"; classtype:trojan-activity; sid:100000753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.228.157.16"; classtype:trojan-activity; sid:100000754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.228.161.71"; classtype:trojan-activity; sid:100000755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.228.200.63"; classtype:trojan-activity; sid:100000756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.228.84.85"; classtype:trojan-activity; sid:100000757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.229.212.36"; classtype:trojan-activity; sid:100000758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.229.77.19"; classtype:trojan-activity; sid:100000759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.234.236.154"; classtype:trojan-activity; sid:100000760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.234.44.183"; classtype:trojan-activity; sid:100000761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.236.28.7"; classtype:trojan-activity; sid:100000762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.238.58.247"; classtype:trojan-activity; sid:100000763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.16.200"; classtype:trojan-activity; sid:100000764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.16.227"; classtype:trojan-activity; sid:100000765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.164.157"; classtype:trojan-activity; sid:100000766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.164.16"; classtype:trojan-activity; sid:100000767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.164.162"; classtype:trojan-activity; sid:100000768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.164.167"; classtype:trojan-activity; sid:100000769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.164.55"; classtype:trojan-activity; sid:100000770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.110"; classtype:trojan-activity; sid:100000771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.112"; classtype:trojan-activity; sid:100000772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.131"; classtype:trojan-activity; sid:100000773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.193"; classtype:trojan-activity; sid:100000774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.20"; classtype:trojan-activity; sid:100000775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.218"; classtype:trojan-activity; sid:100000776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.27"; classtype:trojan-activity; sid:100000777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.29"; classtype:trojan-activity; sid:100000778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.37"; classtype:trojan-activity; sid:100000779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.165.53"; classtype:trojan-activity; sid:100000780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.134"; classtype:trojan-activity; sid:100000781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.16"; classtype:trojan-activity; sid:100000782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.177"; classtype:trojan-activity; sid:100000783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.192"; classtype:trojan-activity; sid:100000784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.252"; classtype:trojan-activity; sid:100000785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.32"; classtype:trojan-activity; sid:100000786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.61"; classtype:trojan-activity; sid:100000787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.68"; classtype:trojan-activity; sid:100000788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.85"; classtype:trojan-activity; sid:100000789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.166.86"; classtype:trojan-activity; sid:100000790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.167.24"; classtype:trojan-activity; sid:100000791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.167.58"; classtype:trojan-activity; sid:100000792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.17.53"; classtype:trojan-activity; sid:100000793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.174.92"; classtype:trojan-activity; sid:100000794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.179.2"; classtype:trojan-activity; sid:100000795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.18.1"; classtype:trojan-activity; sid:100000796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.18.137"; classtype:trojan-activity; sid:100000797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.18.17"; classtype:trojan-activity; sid:100000798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.181.187"; classtype:trojan-activity; sid:100000799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.182.179"; classtype:trojan-activity; sid:100000800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.19.18"; classtype:trojan-activity; sid:100000801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.19.70"; classtype:trojan-activity; sid:100000802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.19.9"; classtype:trojan-activity; sid:100000803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.241.0"; classtype:trojan-activity; sid:100000804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.246.32"; classtype:trojan-activity; sid:100000805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.247.240"; classtype:trojan-activity; sid:100000806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.25.153"; classtype:trojan-activity; sid:100000807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.32.149"; classtype:trojan-activity; sid:100000808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.51.153"; classtype:trojan-activity; sid:100000809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.239.51.77"; classtype:trojan-activity; sid:100000810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.29.38.221"; classtype:trojan-activity; sid:100000811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.30.54.64"; classtype:trojan-activity; sid:100000812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.35.27.8"; classtype:trojan-activity; sid:100000813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.35.47.116"; classtype:trojan-activity; sid:100000814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.37.68.47"; classtype:trojan-activity; sid:100000815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.38.118.87"; classtype:trojan-activity; sid:100000816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"114.45.174.240"; classtype:trojan-activity; sid:100000817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.165.200.130"; classtype:trojan-activity; sid:100000818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.165.200.32"; classtype:trojan-activity; sid:100000819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.165.214.109"; classtype:trojan-activity; sid:100000820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.165.214.8"; classtype:trojan-activity; sid:100000821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.165.216.112"; classtype:trojan-activity; sid:100000822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.186.126.220"; classtype:trojan-activity; sid:100000823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.195.18.40"; classtype:trojan-activity; sid:100000824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.20.155.44"; classtype:trojan-activity; sid:100000825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.201.105.24"; classtype:trojan-activity; sid:100000826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.201.43.190"; classtype:trojan-activity; sid:100000827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.202.238.158"; classtype:trojan-activity; sid:100000828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.203.109.63"; classtype:trojan-activity; sid:100000829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.204.146.23"; classtype:trojan-activity; sid:100000830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.207.124.150"; classtype:trojan-activity; sid:100000831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.207.224.42"; classtype:trojan-activity; sid:100000832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.207.26.249"; classtype:trojan-activity; sid:100000833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.207.4.18"; classtype:trojan-activity; sid:100000834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.208.114.151"; classtype:trojan-activity; sid:100000835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.212.70.213"; classtype:trojan-activity; sid:100000836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.215.106.102"; classtype:trojan-activity; sid:100000837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.215.135.54"; classtype:trojan-activity; sid:100000838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.225.106.30"; classtype:trojan-activity; sid:100000839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.225.172.121"; classtype:trojan-activity; sid:100000840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.229.224.68"; classtype:trojan-activity; sid:100000841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.23.112.218"; classtype:trojan-activity; sid:100000842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.230.60.250"; classtype:trojan-activity; sid:100000843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.237.156.66"; classtype:trojan-activity; sid:100000844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.237.42.48"; classtype:trojan-activity; sid:100000845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.238.97.218"; classtype:trojan-activity; sid:100000846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.146.112"; classtype:trojan-activity; sid:100000847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.147.65"; classtype:trojan-activity; sid:100000848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.149.113"; classtype:trojan-activity; sid:100000849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.16.49"; classtype:trojan-activity; sid:100000850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.194.169"; classtype:trojan-activity; sid:100000851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.196.95"; classtype:trojan-activity; sid:100000852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.23.158"; classtype:trojan-activity; sid:100000853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.25.179"; classtype:trojan-activity; sid:100000854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.35.170"; classtype:trojan-activity; sid:100000855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.35.31"; classtype:trojan-activity; sid:100000856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.5.1"; classtype:trojan-activity; sid:100000857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.85.180"; classtype:trojan-activity; sid:100000858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.48.97.70"; classtype:trojan-activity; sid:100000859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.101.223"; classtype:trojan-activity; sid:100000860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.176.117"; classtype:trojan-activity; sid:100000861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.193.216"; classtype:trojan-activity; sid:100000862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.203.5"; classtype:trojan-activity; sid:100000863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.233.162"; classtype:trojan-activity; sid:100000864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.237.35"; classtype:trojan-activity; sid:100000865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.243.34"; classtype:trojan-activity; sid:100000866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.244.12"; classtype:trojan-activity; sid:100000867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.249.100"; classtype:trojan-activity; sid:100000868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.30.104"; classtype:trojan-activity; sid:100000869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.49.76.32"; classtype:trojan-activity; sid:100000870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.1.132"; classtype:trojan-activity; sid:100000871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.104.117"; classtype:trojan-activity; sid:100000872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.133.29"; classtype:trojan-activity; sid:100000873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.146.113"; classtype:trojan-activity; sid:100000874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.150.115"; classtype:trojan-activity; sid:100000875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.156.119"; classtype:trojan-activity; sid:100000876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.166.155"; classtype:trojan-activity; sid:100000877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.21.112"; classtype:trojan-activity; sid:100000878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.214.198"; classtype:trojan-activity; sid:100000879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.237.95"; classtype:trojan-activity; sid:100000880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.241.131"; classtype:trojan-activity; sid:100000881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.5.133"; classtype:trojan-activity; sid:100000882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.58.209"; classtype:trojan-activity; sid:100000883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.59.46"; classtype:trojan-activity; sid:100000884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.62.47"; classtype:trojan-activity; sid:100000885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.65.236"; classtype:trojan-activity; sid:100000886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.88.121"; classtype:trojan-activity; sid:100000887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.50.98.254"; classtype:trojan-activity; sid:100000888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.107.164"; classtype:trojan-activity; sid:100000889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.109.28"; classtype:trojan-activity; sid:100000890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.121.192"; classtype:trojan-activity; sid:100000891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.124.10"; classtype:trojan-activity; sid:100000892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.125.140"; classtype:trojan-activity; sid:100000893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.28.205"; classtype:trojan-activity; sid:100000894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.90.84"; classtype:trojan-activity; sid:100000895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.51.94.55"; classtype:trojan-activity; sid:100000896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.172.31"; classtype:trojan-activity; sid:100000897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.193.112"; classtype:trojan-activity; sid:100000898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.199.106"; classtype:trojan-activity; sid:100000899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.227.249"; classtype:trojan-activity; sid:100000900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.236.166"; classtype:trojan-activity; sid:100000901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.240.76"; classtype:trojan-activity; sid:100000902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.250.97"; classtype:trojan-activity; sid:100000903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.3.183"; classtype:trojan-activity; sid:100000904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.44.76"; classtype:trojan-activity; sid:100000905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.52.55.161"; classtype:trojan-activity; sid:100000906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.53.228.4"; classtype:trojan-activity; sid:100000907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.53.246.167"; classtype:trojan-activity; sid:100000908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.54.117.100"; classtype:trojan-activity; sid:100000909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.54.198.60"; classtype:trojan-activity; sid:100000910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.54.220.62"; classtype:trojan-activity; sid:100000911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.54.240.5"; classtype:trojan-activity; sid:100000912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.54.250.4"; classtype:trojan-activity; sid:100000913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.10.199"; classtype:trojan-activity; sid:100000914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.141.225"; classtype:trojan-activity; sid:100000915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.144.202"; classtype:trojan-activity; sid:100000916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.144.34"; classtype:trojan-activity; sid:100000917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.146.21"; classtype:trojan-activity; sid:100000918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.146.36"; classtype:trojan-activity; sid:100000919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.156.105"; classtype:trojan-activity; sid:100000920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.164.246"; classtype:trojan-activity; sid:100000921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.176.119"; classtype:trojan-activity; sid:100000922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.177.229"; classtype:trojan-activity; sid:100000923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.181.18"; classtype:trojan-activity; sid:100000924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.20.152"; classtype:trojan-activity; sid:100000925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.216.188"; classtype:trojan-activity; sid:100000926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.237.122"; classtype:trojan-activity; sid:100000927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.46.218"; classtype:trojan-activity; sid:100000928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.55.6.170"; classtype:trojan-activity; sid:100000929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.112.126"; classtype:trojan-activity; sid:100000930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.128.135"; classtype:trojan-activity; sid:100000931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.129.54"; classtype:trojan-activity; sid:100000932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.130.161"; classtype:trojan-activity; sid:100000933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.136.143"; classtype:trojan-activity; sid:100000934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.138.80"; classtype:trojan-activity; sid:100000935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.141.252"; classtype:trojan-activity; sid:100000936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.142.26"; classtype:trojan-activity; sid:100000937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.143.17"; classtype:trojan-activity; sid:100000938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.143.86"; classtype:trojan-activity; sid:100000939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.144.43"; classtype:trojan-activity; sid:100000940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.149.241"; classtype:trojan-activity; sid:100000941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.151.60"; classtype:trojan-activity; sid:100000942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.151.8"; classtype:trojan-activity; sid:100000943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.156.228"; classtype:trojan-activity; sid:100000944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.178.245"; classtype:trojan-activity; sid:100000945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.182.22"; classtype:trojan-activity; sid:100000946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.183.234"; classtype:trojan-activity; sid:100000947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.187.70"; classtype:trojan-activity; sid:100000948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.187.79"; classtype:trojan-activity; sid:100000949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.31.188"; classtype:trojan-activity; sid:100000950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.56.31.192"; classtype:trojan-activity; sid:100000951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.129.40"; classtype:trojan-activity; sid:100000952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.134.219"; classtype:trojan-activity; sid:100000953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.135.3"; classtype:trojan-activity; sid:100000954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.138.221"; classtype:trojan-activity; sid:100000955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.169.99"; classtype:trojan-activity; sid:100000956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.33.115"; classtype:trojan-activity; sid:100000957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.33.246"; classtype:trojan-activity; sid:100000958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.34.194"; classtype:trojan-activity; sid:100000959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.41.164"; classtype:trojan-activity; sid:100000960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.49.252"; classtype:trojan-activity; sid:100000961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.58.94.53"; classtype:trojan-activity; sid:100000962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.100.206"; classtype:trojan-activity; sid:100000963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.118.208"; classtype:trojan-activity; sid:100000964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.192.72"; classtype:trojan-activity; sid:100000965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.198.49"; classtype:trojan-activity; sid:100000966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.214.30"; classtype:trojan-activity; sid:100000967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.215.129"; classtype:trojan-activity; sid:100000968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.215.18"; classtype:trojan-activity; sid:100000969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.215.61"; classtype:trojan-activity; sid:100000970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.218.6"; classtype:trojan-activity; sid:100000971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.221.132"; classtype:trojan-activity; sid:100000972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.230.209"; classtype:trojan-activity; sid:100000973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.243.248"; classtype:trojan-activity; sid:100000974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.33.129"; classtype:trojan-activity; sid:100000975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.59.96.247"; classtype:trojan-activity; sid:100000976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.60.203.198"; classtype:trojan-activity; sid:100000977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.109.14"; classtype:trojan-activity; sid:100000978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.115.242"; classtype:trojan-activity; sid:100000979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.134.152"; classtype:trojan-activity; sid:100000980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.134.39"; classtype:trojan-activity; sid:100000981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.138.237"; classtype:trojan-activity; sid:100000982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.144.94"; classtype:trojan-activity; sid:100000983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.175.192"; classtype:trojan-activity; sid:100000984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.181.238"; classtype:trojan-activity; sid:100000985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.185.145"; classtype:trojan-activity; sid:100000986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.189.117"; classtype:trojan-activity; sid:100000987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.61.34.17"; classtype:trojan-activity; sid:100000988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.62.144.54"; classtype:trojan-activity; sid:100000989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.62.157.138"; classtype:trojan-activity; sid:100000990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.129.232"; classtype:trojan-activity; sid:100000991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.133.166"; classtype:trojan-activity; sid:100000992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.137.84"; classtype:trojan-activity; sid:100000993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.150.105"; classtype:trojan-activity; sid:100000994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.167.45"; classtype:trojan-activity; sid:100000995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.182.217"; classtype:trojan-activity; sid:100000996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.201.65"; classtype:trojan-activity; sid:100000997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.32.145"; classtype:trojan-activity; sid:100000998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.54.37"; classtype:trojan-activity; sid:100000999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.63.57.16"; classtype:trojan-activity; sid:100001000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.75.217.79"; classtype:trojan-activity; sid:100001001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.97.143.173"; classtype:trojan-activity; sid:100001002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.98.176.195"; classtype:trojan-activity; sid:100001003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"115.98.21.187"; classtype:trojan-activity; sid:100001004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.116.109.84"; classtype:trojan-activity; sid:100001005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.132.160.105"; classtype:trojan-activity; sid:100001006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.138.112.73"; classtype:trojan-activity; sid:100001007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.139.124.109"; classtype:trojan-activity; sid:100001008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.149.121.75"; classtype:trojan-activity; sid:100001009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.177.15.105"; classtype:trojan-activity; sid:100001010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.179.152.41"; classtype:trojan-activity; sid:100001011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.179.157.173"; classtype:trojan-activity; sid:100001012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.179.158.235"; classtype:trojan-activity; sid:100001013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.2.162.212"; classtype:trojan-activity; sid:100001014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.2.173.20"; classtype:trojan-activity; sid:100001015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.20.81.4"; classtype:trojan-activity; sid:100001016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.211.100.26"; classtype:trojan-activity; sid:100001017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.212.152.123"; classtype:trojan-activity; sid:100001018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.212.156.44"; classtype:trojan-activity; sid:100001019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.225.83.235"; classtype:trojan-activity; sid:100001020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.24.101.79"; classtype:trojan-activity; sid:100001021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.24.82.190"; classtype:trojan-activity; sid:100001022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.24.83.195"; classtype:trojan-activity; sid:100001023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.241.137.29"; classtype:trojan-activity; sid:100001024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.241.193.247"; classtype:trojan-activity; sid:100001025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.248.137.153"; classtype:trojan-activity; sid:100001026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.25.132.3"; classtype:trojan-activity; sid:100001027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.25.135.154"; classtype:trojan-activity; sid:100001028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.25.225.114"; classtype:trojan-activity; sid:100001029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.3.195.159"; classtype:trojan-activity; sid:100001030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.7.10.78"; classtype:trojan-activity; sid:100001031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.74.18.154"; classtype:trojan-activity; sid:100001032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.75.194.94"; classtype:trojan-activity; sid:100001033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"116.75.212.30"; classtype:trojan-activity; sid:100001034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.12.207.31"; classtype:trojan-activity; sid:100001035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.132.4.248"; classtype:trojan-activity; sid:100001036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.176.115.16"; classtype:trojan-activity; sid:100001037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.193.233.237"; classtype:trojan-activity; sid:100001038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.193.66.155"; classtype:trojan-activity; sid:100001039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.194.162.85"; classtype:trojan-activity; sid:100001040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.194.166.70"; classtype:trojan-activity; sid:100001041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.194.167.114"; classtype:trojan-activity; sid:100001042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.194.167.28"; classtype:trojan-activity; sid:100001043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.194.175.250"; classtype:trojan-activity; sid:100001044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.20.208"; classtype:trojan-activity; sid:100001045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.24.191"; classtype:trojan-activity; sid:100001046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.24.75"; classtype:trojan-activity; sid:100001047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.25.180"; classtype:trojan-activity; sid:100001048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.27.229"; classtype:trojan-activity; sid:100001049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.30.118"; classtype:trojan-activity; sid:100001050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.48.62"; classtype:trojan-activity; sid:100001051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.49.240"; classtype:trojan-activity; sid:100001052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.50.61"; classtype:trojan-activity; sid:100001053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.59.202"; classtype:trojan-activity; sid:100001054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.196.62.75"; classtype:trojan-activity; sid:100001055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.198.164.61"; classtype:trojan-activity; sid:100001056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.198.167.79"; classtype:trojan-activity; sid:100001057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.198.243.24"; classtype:trojan-activity; sid:100001058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.198.244.221"; classtype:trojan-activity; sid:100001059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.198.244.45"; classtype:trojan-activity; sid:100001060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.20.243.40"; classtype:trojan-activity; sid:100001061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.201.194.246"; classtype:trojan-activity; sid:100001062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.201.199.173"; classtype:trojan-activity; sid:100001063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.201.200.1"; classtype:trojan-activity; sid:100001064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.201.201.63"; classtype:trojan-activity; sid:100001065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.201.203.77"; classtype:trojan-activity; sid:100001066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.201.46.55"; classtype:trojan-activity; sid:100001067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.202.54.201"; classtype:trojan-activity; sid:100001068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.204.146.245"; classtype:trojan-activity; sid:100001069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.204.151.8"; classtype:trojan-activity; sid:100001070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.204.153.171"; classtype:trojan-activity; sid:100001071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.204.153.27"; classtype:trojan-activity; sid:100001072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.204.156.207"; classtype:trojan-activity; sid:100001073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.207.235.195"; classtype:trojan-activity; sid:100001074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.207.237.62"; classtype:trojan-activity; sid:100001075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.207.239.183"; classtype:trojan-activity; sid:100001076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.213.10.59"; classtype:trojan-activity; sid:100001077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.213.12.53"; classtype:trojan-activity; sid:100001078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.213.40.223"; classtype:trojan-activity; sid:100001079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.213.43.227"; classtype:trojan-activity; sid:100001080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.213.45.75"; classtype:trojan-activity; sid:100001081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.208.25"; classtype:trojan-activity; sid:100001082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.212.153"; classtype:trojan-activity; sid:100001083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.242.239"; classtype:trojan-activity; sid:100001084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.244.21"; classtype:trojan-activity; sid:100001085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.247.246"; classtype:trojan-activity; sid:100001086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.247.50"; classtype:trojan-activity; sid:100001087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.249.8"; classtype:trojan-activity; sid:100001088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.253.129"; classtype:trojan-activity; sid:100001089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.215.253.176"; classtype:trojan-activity; sid:100001090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.217.145.50"; classtype:trojan-activity; sid:100001091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.217.148.90"; classtype:trojan-activity; sid:100001092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.217.150.207"; classtype:trojan-activity; sid:100001093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.217.153.98"; classtype:trojan-activity; sid:100001094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.217.159.241"; classtype:trojan-activity; sid:100001095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.220.60.79"; classtype:trojan-activity; sid:100001096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.221.179.181"; classtype:trojan-activity; sid:100001097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.221.179.51"; classtype:trojan-activity; sid:100001098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.221.185.0"; classtype:trojan-activity; sid:100001099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.221.185.125"; classtype:trojan-activity; sid:100001100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.221.190.55"; classtype:trojan-activity; sid:100001101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.222.161.239"; classtype:trojan-activity; sid:100001102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.222.161.62"; classtype:trojan-activity; sid:100001103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.222.165.220"; classtype:trojan-activity; sid:100001104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.222.170.3"; classtype:trojan-activity; sid:100001105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.222.173.128"; classtype:trojan-activity; sid:100001106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.222.188.19"; classtype:trojan-activity; sid:100001107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.222.191.161"; classtype:trojan-activity; sid:100001108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.223.251.166"; classtype:trojan-activity; sid:100001109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.223.83.250"; classtype:trojan-activity; sid:100001110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.223.85.251"; classtype:trojan-activity; sid:100001111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.223.87.227"; classtype:trojan-activity; sid:100001112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.223.90.208"; classtype:trojan-activity; sid:100001113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.223.95.41"; classtype:trojan-activity; sid:100001114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.242.212.77"; classtype:trojan-activity; sid:100001115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.242.215.7"; classtype:trojan-activity; sid:100001116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.242.217.155"; classtype:trojan-activity; sid:100001117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.242.222.255"; classtype:trojan-activity; sid:100001118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.242.49.181"; classtype:trojan-activity; sid:100001119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.248.49.94"; classtype:trojan-activity; sid:100001120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.251.50.87"; classtype:trojan-activity; sid:100001121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.251.58.7"; classtype:trojan-activity; sid:100001122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.251.59.106"; classtype:trojan-activity; sid:100001123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.251.60.84"; classtype:trojan-activity; sid:100001124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.251.62.32"; classtype:trojan-activity; sid:100001125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.26.192.94"; classtype:trojan-activity; sid:100001126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.26.235.44"; classtype:trojan-activity; sid:100001127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.26.238.231"; classtype:trojan-activity; sid:100001128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.26.73.236"; classtype:trojan-activity; sid:100001129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.36.199.38"; classtype:trojan-activity; sid:100001130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.63.51.145"; classtype:trojan-activity; sid:100001131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.85.45.224"; classtype:trojan-activity; sid:100001132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.87.67.181"; classtype:trojan-activity; sid:100001133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.91.139.63"; classtype:trojan-activity; sid:100001134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.95.244.201"; classtype:trojan-activity; sid:100001135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"117.95.244.32"; classtype:trojan-activity; sid:100001136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.127.97.203"; classtype:trojan-activity; sid:100001137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.151.221.74"; classtype:trojan-activity; sid:100001138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.174.118.245"; classtype:trojan-activity; sid:100001139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.176.157.64"; classtype:trojan-activity; sid:100001140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.213.198.187"; classtype:trojan-activity; sid:100001141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.223.32.74"; classtype:trojan-activity; sid:100001142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.12.130"; classtype:trojan-activity; sid:100001143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.127.52"; classtype:trojan-activity; sid:100001144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.128.147"; classtype:trojan-activity; sid:100001145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.131.1"; classtype:trojan-activity; sid:100001146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.164.232"; classtype:trojan-activity; sid:100001147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.170.68"; classtype:trojan-activity; sid:100001148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.194.190"; classtype:trojan-activity; sid:100001149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.208.215"; classtype:trojan-activity; sid:100001150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.209.108"; classtype:trojan-activity; sid:100001151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.212.161"; classtype:trojan-activity; sid:100001152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.214.72"; classtype:trojan-activity; sid:100001153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.58.203"; classtype:trojan-activity; sid:100001154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.88.146"; classtype:trojan-activity; sid:100001155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.232.96.6"; classtype:trojan-activity; sid:100001156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.233.221.162"; classtype:trojan-activity; sid:100001157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.233.62.191"; classtype:trojan-activity; sid:100001158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.233.63.194"; classtype:trojan-activity; sid:100001159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.233.92.158"; classtype:trojan-activity; sid:100001160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.250.104.67"; classtype:trojan-activity; sid:100001161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.250.48.222"; classtype:trojan-activity; sid:100001162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.251.155.191"; classtype:trojan-activity; sid:100001163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.252.81.142"; classtype:trojan-activity; sid:100001164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.36.48.250"; classtype:trojan-activity; sid:100001165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.40.94.152"; classtype:trojan-activity; sid:100001166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.43.180.33"; classtype:trojan-activity; sid:100001167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.75.105.197"; classtype:trojan-activity; sid:100001168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.75.151.135"; classtype:trojan-activity; sid:100001169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.75.165.143"; classtype:trojan-activity; sid:100001170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.75.217.17"; classtype:trojan-activity; sid:100001171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.76.140.69"; classtype:trojan-activity; sid:100001172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.76.166.27"; classtype:trojan-activity; sid:100001173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.76.222.129"; classtype:trojan-activity; sid:100001174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.77.189.26"; classtype:trojan-activity; sid:100001175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.101.191"; classtype:trojan-activity; sid:100001176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.127.254"; classtype:trojan-activity; sid:100001177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.14.135"; classtype:trojan-activity; sid:100001178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.142.227"; classtype:trojan-activity; sid:100001179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.146.34"; classtype:trojan-activity; sid:100001180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.152.203"; classtype:trojan-activity; sid:100001181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.161.21"; classtype:trojan-activity; sid:100001182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.188.73"; classtype:trojan-activity; sid:100001183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.194.64"; classtype:trojan-activity; sid:100001184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.222.26"; classtype:trojan-activity; sid:100001185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.237.37"; classtype:trojan-activity; sid:100001186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.79.3.149"; classtype:trojan-activity; sid:100001187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.81.237.252"; classtype:trojan-activity; sid:100001188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.99.183.235"; classtype:trojan-activity; sid:100001189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"118.99.207.107"; classtype:trojan-activity; sid:100001190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.100.172.59"; classtype:trojan-activity; sid:100001191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.100.196.100"; classtype:trojan-activity; sid:100001192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.102.177.208"; classtype:trojan-activity; sid:100001193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.102.21.37"; classtype:trojan-activity; sid:100001194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.102.63.177"; classtype:trojan-activity; sid:100001195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.102.68.249"; classtype:trojan-activity; sid:100001196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.102.80.141"; classtype:trojan-activity; sid:100001197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.112.20.227"; classtype:trojan-activity; sid:100001198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.113.134.50"; classtype:trojan-activity; sid:100001199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.113.208.120"; classtype:trojan-activity; sid:100001200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.115.252.31"; classtype:trojan-activity; sid:100001201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.116.133.2"; classtype:trojan-activity; sid:100001202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.119.182.40"; classtype:trojan-activity; sid:100001203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.122.113.87"; classtype:trojan-activity; sid:100001204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.123.216.38"; classtype:trojan-activity; sid:100001205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.123.219.243"; classtype:trojan-activity; sid:100001206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.123.227.132"; classtype:trojan-activity; sid:100001207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.123.236.100"; classtype:trojan-activity; sid:100001208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.123.239.176"; classtype:trojan-activity; sid:100001209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.135.0.104"; classtype:trojan-activity; sid:100001210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.139.196.133"; classtype:trojan-activity; sid:100001211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.14.143.145"; classtype:trojan-activity; sid:100001212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.14.168.84"; classtype:trojan-activity; sid:100001213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.163.93.9"; classtype:trojan-activity; sid:100001214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.164.117.136"; classtype:trojan-activity; sid:100001215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.1.228"; classtype:trojan-activity; sid:100001216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.110.35"; classtype:trojan-activity; sid:100001217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.135.187"; classtype:trojan-activity; sid:100001218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.189.225"; classtype:trojan-activity; sid:100001219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.20.17"; classtype:trojan-activity; sid:100001220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.227.222"; classtype:trojan-activity; sid:100001221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.232.242"; classtype:trojan-activity; sid:100001222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.244.51"; classtype:trojan-activity; sid:100001223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.38.94"; classtype:trojan-activity; sid:100001224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.165.82.229"; classtype:trojan-activity; sid:100001225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.166.126.44"; classtype:trojan-activity; sid:100001226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.166.194.24"; classtype:trojan-activity; sid:100001227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.166.23.42"; classtype:trojan-activity; sid:100001228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.144.221"; classtype:trojan-activity; sid:100001229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.173.88"; classtype:trojan-activity; sid:100001230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.221.5"; classtype:trojan-activity; sid:100001231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.233.223"; classtype:trojan-activity; sid:100001232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.235.201"; classtype:trojan-activity; sid:100001233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.242.124"; classtype:trojan-activity; sid:100001234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.245.29"; classtype:trojan-activity; sid:100001235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.178.246.141"; classtype:trojan-activity; sid:100001236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.156.143"; classtype:trojan-activity; sid:100001237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.156.241"; classtype:trojan-activity; sid:100001238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.214.239"; classtype:trojan-activity; sid:100001239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.214.75"; classtype:trojan-activity; sid:100001240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.216.203"; classtype:trojan-activity; sid:100001241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.237.53"; classtype:trojan-activity; sid:100001242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.238.28"; classtype:trojan-activity; sid:100001243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.239.159"; classtype:trojan-activity; sid:100001244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.248.180"; classtype:trojan-activity; sid:100001245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.249.39"; classtype:trojan-activity; sid:100001246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.249.78"; classtype:trojan-activity; sid:100001247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.250.60"; classtype:trojan-activity; sid:100001248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.251.159"; classtype:trojan-activity; sid:100001249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.254.69"; classtype:trojan-activity; sid:100001250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.255.180"; classtype:trojan-activity; sid:100001251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.26.151"; classtype:trojan-activity; sid:100001252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.46.38"; classtype:trojan-activity; sid:100001253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.60.155"; classtype:trojan-activity; sid:100001254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.69.98"; classtype:trojan-activity; sid:100001255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.75.93"; classtype:trojan-activity; sid:100001256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.179.77.128"; classtype:trojan-activity; sid:100001257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.180.117.20"; classtype:trojan-activity; sid:100001258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.180.135.169"; classtype:trojan-activity; sid:100001259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.180.138.151"; classtype:trojan-activity; sid:100001260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.180.16.130"; classtype:trojan-activity; sid:100001261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.180.17.76"; classtype:trojan-activity; sid:100001262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.180.63.187"; classtype:trojan-activity; sid:100001263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.180.91.205"; classtype:trojan-activity; sid:100001264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.182.73.223"; classtype:trojan-activity; sid:100001265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.183.130.64"; classtype:trojan-activity; sid:100001266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.183.68.83"; classtype:trojan-activity; sid:100001267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.183.97.253"; classtype:trojan-activity; sid:100001268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.184.14.35"; classtype:trojan-activity; sid:100001269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.184.51.237"; classtype:trojan-activity; sid:100001270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.184.6.215"; classtype:trojan-activity; sid:100001271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.185.120.242"; classtype:trojan-activity; sid:100001272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.185.169.210"; classtype:trojan-activity; sid:100001273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.185.45.31"; classtype:trojan-activity; sid:100001274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.185.86.69"; classtype:trojan-activity; sid:100001275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.185.91.21"; classtype:trojan-activity; sid:100001276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.100.111"; classtype:trojan-activity; sid:100001277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.114.111"; classtype:trojan-activity; sid:100001278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.205.141"; classtype:trojan-activity; sid:100001279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.208.137"; classtype:trojan-activity; sid:100001280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.208.50"; classtype:trojan-activity; sid:100001281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.209.195"; classtype:trojan-activity; sid:100001282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.209.22"; classtype:trojan-activity; sid:100001283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.210.103"; classtype:trojan-activity; sid:100001284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.186.211.100"; classtype:trojan-activity; sid:100001285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.187.110.185"; classtype:trojan-activity; sid:100001286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.187.234.99"; classtype:trojan-activity; sid:100001287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.187.249.246"; classtype:trojan-activity; sid:100001288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.187.98.192"; classtype:trojan-activity; sid:100001289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.189.138.0"; classtype:trojan-activity; sid:100001290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.189.161.48"; classtype:trojan-activity; sid:100001291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.189.166.33"; classtype:trojan-activity; sid:100001292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.189.168.160"; classtype:trojan-activity; sid:100001293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.190.240.171"; classtype:trojan-activity; sid:100001294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.190.253.36"; classtype:trojan-activity; sid:100001295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.191.138.133"; classtype:trojan-activity; sid:100001296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.191.146.127"; classtype:trojan-activity; sid:100001297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.197.141.101"; classtype:trojan-activity; sid:100001298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.201.196.37"; classtype:trojan-activity; sid:100001299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.202.255.162"; classtype:trojan-activity; sid:100001300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.203.255.89"; classtype:trojan-activity; sid:100001301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.204.30.144"; classtype:trojan-activity; sid:100001302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.206.176.63"; classtype:trojan-activity; sid:100001303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.206.86.8"; classtype:trojan-activity; sid:100001304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.207.227.167"; classtype:trojan-activity; sid:100001305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.250.161.12"; classtype:trojan-activity; sid:100001306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.250.177.51"; classtype:trojan-activity; sid:100001307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.250.24.168"; classtype:trojan-activity; sid:100001308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.36.46.51"; classtype:trojan-activity; sid:100001309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.4.151.64"; classtype:trojan-activity; sid:100001310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.5.146.213"; classtype:trojan-activity; sid:100001311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.56.142.2"; classtype:trojan-activity; sid:100001312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.56.143.71"; classtype:trojan-activity; sid:100001313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.75.137.226"; classtype:trojan-activity; sid:100001314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.77.164.181"; classtype:trojan-activity; sid:100001315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.77.173.35"; classtype:trojan-activity; sid:100001316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.98.141.229"; classtype:trojan-activity; sid:100001317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.99.187.223"; classtype:trojan-activity; sid:100001318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"119.99.242.144"; classtype:trojan-activity; sid:100001319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"12.132.113.2"; classtype:trojan-activity; sid:100001320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"12.207.39.227"; classtype:trojan-activity; sid:100001321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"12.220.237.114"; classtype:trojan-activity; sid:100001322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.1.115.76"; classtype:trojan-activity; sid:100001323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.12.117.118"; classtype:trojan-activity; sid:100001324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.12.138.133"; classtype:trojan-activity; sid:100001325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.12.147.161"; classtype:trojan-activity; sid:100001326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.142.88.222"; classtype:trojan-activity; sid:100001327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.192.167.171"; classtype:trojan-activity; sid:100001328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.192.177.38"; classtype:trojan-activity; sid:100001329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.177"; classtype:trojan-activity; sid:100001330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.179"; classtype:trojan-activity; sid:100001331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.184"; classtype:trojan-activity; sid:100001332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.185"; classtype:trojan-activity; sid:100001333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.186"; classtype:trojan-activity; sid:100001334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.194"; classtype:trojan-activity; sid:100001335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.198"; classtype:trojan-activity; sid:100001336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.201"; classtype:trojan-activity; sid:100001337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.203"; classtype:trojan-activity; sid:100001338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.205"; classtype:trojan-activity; sid:100001339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.207"; classtype:trojan-activity; sid:100001340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.212"; classtype:trojan-activity; sid:100001341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.193.91.215"; classtype:trojan-activity; sid:100001342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.121.243"; classtype:trojan-activity; sid:100001343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.126.214"; classtype:trojan-activity; sid:100001344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.126.225"; classtype:trojan-activity; sid:100001345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.126.228"; classtype:trojan-activity; sid:100001346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.126.235"; classtype:trojan-activity; sid:100001347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.126.240"; classtype:trojan-activity; sid:100001348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.126.60"; classtype:trojan-activity; sid:100001349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.127.187"; classtype:trojan-activity; sid:100001350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.127.79"; classtype:trojan-activity; sid:100001351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.209.99.118"; classtype:trojan-activity; sid:100001352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.238.187.100"; classtype:trojan-activity; sid:100001353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.238.187.104"; classtype:trojan-activity; sid:100001354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.238.187.112"; classtype:trojan-activity; sid:100001355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.238.187.71"; classtype:trojan-activity; sid:100001356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.238.187.77"; classtype:trojan-activity; sid:100001357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.238.189.11"; classtype:trojan-activity; sid:100001358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.238.189.72"; classtype:trojan-activity; sid:100001359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.4.141.185"; classtype:trojan-activity; sid:100001360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.43.54.160"; classtype:trojan-activity; sid:100001361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.57.222.135"; classtype:trojan-activity; sid:100001362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.57.223.77"; classtype:trojan-activity; sid:100001363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.6.181.219"; classtype:trojan-activity; sid:100001364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.6.227.196"; classtype:trojan-activity; sid:100001365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.63.157.216"; classtype:trojan-activity; sid:100001366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.63.221.76"; classtype:trojan-activity; sid:100001367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.7.108.71"; classtype:trojan-activity; sid:100001368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.7.117.165"; classtype:trojan-activity; sid:100001369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.7.120.133"; classtype:trojan-activity; sid:100001370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.7.191.235"; classtype:trojan-activity; sid:100001371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.7.228.217"; classtype:trojan-activity; sid:100001372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.83.78.58"; classtype:trojan-activity; sid:100001373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.83.78.84"; classtype:trojan-activity; sid:100001374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.84.110.100"; classtype:trojan-activity; sid:100001375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.84.117.227"; classtype:trojan-activity; sid:100001376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.84.230.194"; classtype:trojan-activity; sid:100001377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.164.207"; classtype:trojan-activity; sid:100001378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.164.41"; classtype:trojan-activity; sid:100001379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.165.118"; classtype:trojan-activity; sid:100001380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.165.185"; classtype:trojan-activity; sid:100001381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.165.20"; classtype:trojan-activity; sid:100001382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.165.21"; classtype:trojan-activity; sid:100001383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.165.69"; classtype:trojan-activity; sid:100001384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.166.220"; classtype:trojan-activity; sid:100001385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.166.53"; classtype:trojan-activity; sid:100001386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.166.55"; classtype:trojan-activity; sid:100001387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.166.81"; classtype:trojan-activity; sid:100001388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.167.18"; classtype:trojan-activity; sid:100001389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.167.239"; classtype:trojan-activity; sid:100001390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.167.254"; classtype:trojan-activity; sid:100001391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.168.148"; classtype:trojan-activity; sid:100001392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.168.187"; classtype:trojan-activity; sid:100001393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.168.81"; classtype:trojan-activity; sid:100001394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.169.66"; classtype:trojan-activity; sid:100001395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.170.43"; classtype:trojan-activity; sid:100001396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.172.176"; classtype:trojan-activity; sid:100001397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.173.176"; classtype:trojan-activity; sid:100001398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.173.251"; classtype:trojan-activity; sid:100001399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.173.42"; classtype:trojan-activity; sid:100001400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.174.244"; classtype:trojan-activity; sid:100001401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.196.10"; classtype:trojan-activity; sid:100001402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.196.127"; classtype:trojan-activity; sid:100001403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.196.208"; classtype:trojan-activity; sid:100001404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.196.4"; classtype:trojan-activity; sid:100001405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.196.78"; classtype:trojan-activity; sid:100001406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.198.233"; classtype:trojan-activity; sid:100001407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.198.67"; classtype:trojan-activity; sid:100001408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.198.96"; classtype:trojan-activity; sid:100001409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.199.37"; classtype:trojan-activity; sid:100001410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.208.122"; classtype:trojan-activity; sid:100001411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.209.193"; classtype:trojan-activity; sid:100001412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.209.255"; classtype:trojan-activity; sid:100001413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.211.27"; classtype:trojan-activity; sid:100001414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.214.199"; classtype:trojan-activity; sid:100001415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.214.89"; classtype:trojan-activity; sid:100001416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.236.146"; classtype:trojan-activity; sid:100001417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.237.239"; classtype:trojan-activity; sid:100001418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.237.241"; classtype:trojan-activity; sid:100001419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.238.18"; classtype:trojan-activity; sid:100001420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.238.56"; classtype:trojan-activity; sid:100001421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.239.187"; classtype:trojan-activity; sid:100001422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.239.214"; classtype:trojan-activity; sid:100001423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.239.253"; classtype:trojan-activity; sid:100001424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.239.55"; classtype:trojan-activity; sid:100001425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.239.89"; classtype:trojan-activity; sid:100001426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.252.148"; classtype:trojan-activity; sid:100001427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.254.186"; classtype:trojan-activity; sid:100001428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.85.255.20"; classtype:trojan-activity; sid:100001429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.86.144.175"; classtype:trojan-activity; sid:100001430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.86.145.97"; classtype:trojan-activity; sid:100001431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.86.147.127"; classtype:trojan-activity; sid:100001432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.86.147.142"; classtype:trojan-activity; sid:100001433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.86.248.225"; classtype:trojan-activity; sid:100001434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.87.190.210"; classtype:trojan-activity; sid:100001435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.87.49.108"; classtype:trojan-activity; sid:100001436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.9.111.79"; classtype:trojan-activity; sid:100001437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"120.9.32.199"; classtype:trojan-activity; sid:100001438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.102.53.252"; classtype:trojan-activity; sid:100001439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.121.76.99"; classtype:trojan-activity; sid:100001440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.128.103.44"; classtype:trojan-activity; sid:100001441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.129.5.221"; classtype:trojan-activity; sid:100001442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.132.178.145"; classtype:trojan-activity; sid:100001443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.138.193.41"; classtype:trojan-activity; sid:100001444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.141.11.56"; classtype:trojan-activity; sid:100001445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.146.19.128"; classtype:trojan-activity; sid:100001446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.148.94.142"; classtype:trojan-activity; sid:100001447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.153.71.85"; classtype:trojan-activity; sid:100001448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.154.226.39"; classtype:trojan-activity; sid:100001449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.158.221.166"; classtype:trojan-activity; sid:100001450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.159.241.80"; classtype:trojan-activity; sid:100001451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.161.62.250"; classtype:trojan-activity; sid:100001452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.170.8.146"; classtype:trojan-activity; sid:100001453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.176.211.232"; classtype:trojan-activity; sid:100001454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.177.219.59"; classtype:trojan-activity; sid:100001455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.178.107.199"; classtype:trojan-activity; sid:100001456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.179.124.109"; classtype:trojan-activity; sid:100001457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.179.60.188"; classtype:trojan-activity; sid:100001458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.182.178.70"; classtype:trojan-activity; sid:100001459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.182.196.147"; classtype:trojan-activity; sid:100001460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.182.252.101"; classtype:trojan-activity; sid:100001461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.183.115.154"; classtype:trojan-activity; sid:100001462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.183.96.184"; classtype:trojan-activity; sid:100001463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.186.21.164"; classtype:trojan-activity; sid:100001464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.186.60.63"; classtype:trojan-activity; sid:100001465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.191.202.119"; classtype:trojan-activity; sid:100001466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.205.228.146"; classtype:trojan-activity; sid:100001467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.224.192.87"; classtype:trojan-activity; sid:100001468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.210.54"; classtype:trojan-activity; sid:100001469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.210.80"; classtype:trojan-activity; sid:100001470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.211.6"; classtype:trojan-activity; sid:100001471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.211.99"; classtype:trojan-activity; sid:100001472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.224.243"; classtype:trojan-activity; sid:100001473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.225.173"; classtype:trojan-activity; sid:100001474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.226.147"; classtype:trojan-activity; sid:100001475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.226.178"; classtype:trojan-activity; sid:100001476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.228.166"; classtype:trojan-activity; sid:100001477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.229.0"; classtype:trojan-activity; sid:100001478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.229.66"; classtype:trojan-activity; sid:100001479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.236.174"; classtype:trojan-activity; sid:100001480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.239.125"; classtype:trojan-activity; sid:100001481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.239.128"; classtype:trojan-activity; sid:100001482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.226.239.64"; classtype:trojan-activity; sid:100001483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.23.123.219"; classtype:trojan-activity; sid:100001484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.230.24.216"; classtype:trojan-activity; sid:100001485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.231.16.107"; classtype:trojan-activity; sid:100001486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.231.172.185"; classtype:trojan-activity; sid:100001487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.231.197.145"; classtype:trojan-activity; sid:100001488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.231.65.161"; classtype:trojan-activity; sid:100001489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.234.109.23"; classtype:trojan-activity; sid:100001490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.238.166.2"; classtype:trojan-activity; sid:100001491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.25.106.238"; classtype:trojan-activity; sid:100001492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.254.76.17"; classtype:trojan-activity; sid:100001493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.34.151.95"; classtype:trojan-activity; sid:100001494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.60.112.138"; classtype:trojan-activity; sid:100001495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.61.100.103"; classtype:trojan-activity; sid:100001496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.61.110.63"; classtype:trojan-activity; sid:100001497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.61.48.115"; classtype:trojan-activity; sid:100001498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.61.65.75"; classtype:trojan-activity; sid:100001499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.61.68.113"; classtype:trojan-activity; sid:100001500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.61.96.155"; classtype:trojan-activity; sid:100001501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.61.96.195"; classtype:trojan-activity; sid:100001502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.63.72.105"; classtype:trojan-activity; sid:100001503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.63.82.121"; classtype:trojan-activity; sid:100001504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.67.99.220"; classtype:trojan-activity; sid:100001505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121.8.107.214"; classtype:trojan-activity; sid:100001506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.100.64.223"; classtype:trojan-activity; sid:100001507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.116.93.59"; classtype:trojan-activity; sid:100001508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.117.165.70"; classtype:trojan-activity; sid:100001509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.142.203.91"; classtype:trojan-activity; sid:100001510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.147.25.229"; classtype:trojan-activity; sid:100001511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.157.144.133"; classtype:trojan-activity; sid:100001512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.160.10.209"; classtype:trojan-activity; sid:100001513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.160.147.53"; classtype:trojan-activity; sid:100001514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.165.6.247"; classtype:trojan-activity; sid:100001515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.175.13.135"; classtype:trojan-activity; sid:100001516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.188.193.229"; classtype:trojan-activity; sid:100001517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.188.86.177"; classtype:trojan-activity; sid:100001518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.188.88.41"; classtype:trojan-activity; sid:100001519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.189.102.209"; classtype:trojan-activity; sid:100001520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.189.102.93"; classtype:trojan-activity; sid:100001521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.189.20.19"; classtype:trojan-activity; sid:100001522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.190.162.117"; classtype:trojan-activity; sid:100001523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.190.162.43"; classtype:trojan-activity; sid:100001524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.191.177.138"; classtype:trojan-activity; sid:100001525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.192.86.3"; classtype:trojan-activity; sid:100001526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.193.138.123"; classtype:trojan-activity; sid:100001527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.194.192.203"; classtype:trojan-activity; sid:100001528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.194.196.49"; classtype:trojan-activity; sid:100001529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.194.72.126"; classtype:trojan-activity; sid:100001530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.194.72.90"; classtype:trojan-activity; sid:100001531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.230.137.51"; classtype:trojan-activity; sid:100001532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.231.21.65"; classtype:trojan-activity; sid:100001533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.239.182.196"; classtype:trojan-activity; sid:100001534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.241.74.58"; classtype:trojan-activity; sid:100001535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"122.96.112.197"; classtype:trojan-activity; sid:100001536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.0.193.181"; classtype:trojan-activity; sid:100001537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.0.240.58"; classtype:trojan-activity; sid:100001538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.0.243.169"; classtype:trojan-activity; sid:100001539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.128.187"; classtype:trojan-activity; sid:100001540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.136.139"; classtype:trojan-activity; sid:100001541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.140.98"; classtype:trojan-activity; sid:100001542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.144.94"; classtype:trojan-activity; sid:100001543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.146.136"; classtype:trojan-activity; sid:100001544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.151.74"; classtype:trojan-activity; sid:100001545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.174.115"; classtype:trojan-activity; sid:100001546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.178.228"; classtype:trojan-activity; sid:100001547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.186.235"; classtype:trojan-activity; sid:100001548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.209.74"; classtype:trojan-activity; sid:100001549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.22.162"; classtype:trojan-activity; sid:100001550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.10.225.23"; classtype:trojan-activity; sid:100001551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.0.80"; classtype:trojan-activity; sid:100001552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.12.125"; classtype:trojan-activity; sid:100001553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.200.50"; classtype:trojan-activity; sid:100001554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.203.149"; classtype:trojan-activity; sid:100001555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.254.41"; classtype:trojan-activity; sid:100001556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.3.90"; classtype:trojan-activity; sid:100001557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.52.252"; classtype:trojan-activity; sid:100001558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.6.175"; classtype:trojan-activity; sid:100001559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.11.78.96"; classtype:trojan-activity; sid:100001560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.116.52"; classtype:trojan-activity; sid:100001561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.124.238"; classtype:trojan-activity; sid:100001562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.124.244"; classtype:trojan-activity; sid:100001563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.155.10"; classtype:trojan-activity; sid:100001564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.170.237"; classtype:trojan-activity; sid:100001565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.176.246"; classtype:trojan-activity; sid:100001566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.182.187"; classtype:trojan-activity; sid:100001567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.19.248"; classtype:trojan-activity; sid:100001568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.195.93"; classtype:trojan-activity; sid:100001569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.110.200.98"; classtype:trojan-activity; sid:100001570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.104.247"; classtype:trojan-activity; sid:100001571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.16.225"; classtype:trojan-activity; sid:100001572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.19.64"; classtype:trojan-activity; sid:100001573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.21.91"; classtype:trojan-activity; sid:100001574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.224.234"; classtype:trojan-activity; sid:100001575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.225.199"; classtype:trojan-activity; sid:100001576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.242.16"; classtype:trojan-activity; sid:100001577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.245.93"; classtype:trojan-activity; sid:100001578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.40.49"; classtype:trojan-activity; sid:100001579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.12.79.72"; classtype:trojan-activity; sid:100001580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.128.124.166"; classtype:trojan-activity; sid:100001581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.128.131.199"; classtype:trojan-activity; sid:100001582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.128.131.247"; classtype:trojan-activity; sid:100001583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.128.179.78"; classtype:trojan-activity; sid:100001584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.128.224.152"; classtype:trojan-activity; sid:100001585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.128.224.79"; classtype:trojan-activity; sid:100001586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.128.59.54"; classtype:trojan-activity; sid:100001587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.108.22"; classtype:trojan-activity; sid:100001588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.130.208"; classtype:trojan-activity; sid:100001589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.132.46"; classtype:trojan-activity; sid:100001590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.132.72"; classtype:trojan-activity; sid:100001591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.134.22"; classtype:trojan-activity; sid:100001592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.134.243"; classtype:trojan-activity; sid:100001593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.152.47"; classtype:trojan-activity; sid:100001594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.153.155"; classtype:trojan-activity; sid:100001595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.154.174"; classtype:trojan-activity; sid:100001596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.154.63"; classtype:trojan-activity; sid:100001597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.174.111"; classtype:trojan-activity; sid:100001598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.129.28.212"; classtype:trojan-activity; sid:100001599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.13.100.233"; classtype:trojan-activity; sid:100001600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.13.140.234"; classtype:trojan-activity; sid:100001601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.13.165.205"; classtype:trojan-activity; sid:100001602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.130.12.99"; classtype:trojan-activity; sid:100001603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.130.211.241"; classtype:trojan-activity; sid:100001604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.130.215.29"; classtype:trojan-activity; sid:100001605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.130.31.13"; classtype:trojan-activity; sid:100001606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.131.121.76"; classtype:trojan-activity; sid:100001607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.132.218.249"; classtype:trojan-activity; sid:100001608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.132.25.101"; classtype:trojan-activity; sid:100001609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.133.147.124"; classtype:trojan-activity; sid:100001610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.133.181.228"; classtype:trojan-activity; sid:100001611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.133.203.195"; classtype:trojan-activity; sid:100001612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.134.3.170"; classtype:trojan-activity; sid:100001613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.135.139.29"; classtype:trojan-activity; sid:100001614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.135.145.142"; classtype:trojan-activity; sid:100001615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.135.246.112"; classtype:trojan-activity; sid:100001616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.138.251.121"; classtype:trojan-activity; sid:100001617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.156.250"; classtype:trojan-activity; sid:100001618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.165.82"; classtype:trojan-activity; sid:100001619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.167.160"; classtype:trojan-activity; sid:100001620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.168.92"; classtype:trojan-activity; sid:100001621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.199.130"; classtype:trojan-activity; sid:100001622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.210.83"; classtype:trojan-activity; sid:100001623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.217.222"; classtype:trojan-activity; sid:100001624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.252.77"; classtype:trojan-activity; sid:100001625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.255.61"; classtype:trojan-activity; sid:100001626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.26.176"; classtype:trojan-activity; sid:100001627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.28.3"; classtype:trojan-activity; sid:100001628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.33.255"; classtype:trojan-activity; sid:100001629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.42.127"; classtype:trojan-activity; sid:100001630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.54.199"; classtype:trojan-activity; sid:100001631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.76.192"; classtype:trojan-activity; sid:100001632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.77.163"; classtype:trojan-activity; sid:100001633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.82.30"; classtype:trojan-activity; sid:100001634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.14.94.74"; classtype:trojan-activity; sid:100001635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.156.31.223"; classtype:trojan-activity; sid:100001636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.159.126.77"; classtype:trojan-activity; sid:100001637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.159.68.242"; classtype:trojan-activity; sid:100001638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.159.71.41"; classtype:trojan-activity; sid:100001639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.16.3.106"; classtype:trojan-activity; sid:100001640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.170.254.207"; classtype:trojan-activity; sid:100001641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.183.19.245"; classtype:trojan-activity; sid:100001642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.191.138.115"; classtype:trojan-activity; sid:100001643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.191.232.21"; classtype:trojan-activity; sid:100001644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.192.101.163"; classtype:trojan-activity; sid:100001645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.192.209.38"; classtype:trojan-activity; sid:100001646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.193.226.2"; classtype:trojan-activity; sid:100001647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.193.229.118"; classtype:trojan-activity; sid:100001648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.193.53.237"; classtype:trojan-activity; sid:100001649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.117.100"; classtype:trojan-activity; sid:100001650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.235.37"; classtype:trojan-activity; sid:100001651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.32.140"; classtype:trojan-activity; sid:100001652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.32.157"; classtype:trojan-activity; sid:100001653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.35.146"; classtype:trojan-activity; sid:100001654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.60.238"; classtype:trojan-activity; sid:100001655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.80.69"; classtype:trojan-activity; sid:100001656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.194.80.71"; classtype:trojan-activity; sid:100001657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.195.107.73"; classtype:trojan-activity; sid:100001658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.195.184.191"; classtype:trojan-activity; sid:100001659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.195.60.199"; classtype:trojan-activity; sid:100001660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.195.84.170"; classtype:trojan-activity; sid:100001661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.195.87.10"; classtype:trojan-activity; sid:100001662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.204.89.138"; classtype:trojan-activity; sid:100001663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.235.97.176"; classtype:trojan-activity; sid:100001664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.103.89"; classtype:trojan-activity; sid:100001665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.143.236"; classtype:trojan-activity; sid:100001666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.181.57"; classtype:trojan-activity; sid:100001667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.20.187"; classtype:trojan-activity; sid:100001668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.23.243"; classtype:trojan-activity; sid:100001669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.36.247"; classtype:trojan-activity; sid:100001670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.47.251"; classtype:trojan-activity; sid:100001671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.240.79.61"; classtype:trojan-activity; sid:100001672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.11.41"; classtype:trojan-activity; sid:100001673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.123.185"; classtype:trojan-activity; sid:100001674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.127.181"; classtype:trojan-activity; sid:100001675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.131.235"; classtype:trojan-activity; sid:100001676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.148.58"; classtype:trojan-activity; sid:100001677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.167.47"; classtype:trojan-activity; sid:100001678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.184.124"; classtype:trojan-activity; sid:100001679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.241.60.240"; classtype:trojan-activity; sid:100001680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.28.229.12"; classtype:trojan-activity; sid:100001681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.161.98"; classtype:trojan-activity; sid:100001682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.187.128"; classtype:trojan-activity; sid:100001683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.211.167"; classtype:trojan-activity; sid:100001684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.48.67"; classtype:trojan-activity; sid:100001685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.71.193"; classtype:trojan-activity; sid:100001686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.73.154"; classtype:trojan-activity; sid:100001687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.78.182"; classtype:trojan-activity; sid:100001688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.84.9"; classtype:trojan-activity; sid:100001689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.85.66"; classtype:trojan-activity; sid:100001690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.87.61"; classtype:trojan-activity; sid:100001691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.88.179"; classtype:trojan-activity; sid:100001692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.91.215"; classtype:trojan-activity; sid:100001693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.93.162"; classtype:trojan-activity; sid:100001694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.4.94.213"; classtype:trojan-activity; sid:100001695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.117.73"; classtype:trojan-activity; sid:100001696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.126.106"; classtype:trojan-activity; sid:100001697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.151.3"; classtype:trojan-activity; sid:100001698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.182.56"; classtype:trojan-activity; sid:100001699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.186.11"; classtype:trojan-activity; sid:100001700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.188.98"; classtype:trojan-activity; sid:100001701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.189.190"; classtype:trojan-activity; sid:100001702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.19.119"; classtype:trojan-activity; sid:100001703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.193.169"; classtype:trojan-activity; sid:100001704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.5.203.145"; classtype:trojan-activity; sid:100001705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.7.63.169"; classtype:trojan-activity; sid:100001706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.8.161.152"; classtype:trojan-activity; sid:100001707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.8.173.43"; classtype:trojan-activity; sid:100001708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.8.2.59"; classtype:trojan-activity; sid:100001709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.8.233.153"; classtype:trojan-activity; sid:100001710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.8.255.134"; classtype:trojan-activity; sid:100001711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.8.29.125"; classtype:trojan-activity; sid:100001712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.8.69.126"; classtype:trojan-activity; sid:100001713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.106.93"; classtype:trojan-activity; sid:100001714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.11.225"; classtype:trojan-activity; sid:100001715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.193.230"; classtype:trojan-activity; sid:100001716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.197.8"; classtype:trojan-activity; sid:100001717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.239.157"; classtype:trojan-activity; sid:100001718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.246.254"; classtype:trojan-activity; sid:100001719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.74.164"; classtype:trojan-activity; sid:100001720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.86.95"; classtype:trojan-activity; sid:100001721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.9.99.106"; classtype:trojan-activity; sid:100001722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.97.134.13"; classtype:trojan-activity; sid:100001723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"123.97.145.61"; classtype:trojan-activity; sid:100001724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.123.68.137"; classtype:trojan-activity; sid:100001725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.129.133.242"; classtype:trojan-activity; sid:100001726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.129.231.250"; classtype:trojan-activity; sid:100001727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.130.109.97"; classtype:trojan-activity; sid:100001728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.119.235"; classtype:trojan-activity; sid:100001729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.139.239"; classtype:trojan-activity; sid:100001730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.141.83"; classtype:trojan-activity; sid:100001731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.142.143"; classtype:trojan-activity; sid:100001732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.142.56"; classtype:trojan-activity; sid:100001733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.150.84"; classtype:trojan-activity; sid:100001734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.158.33"; classtype:trojan-activity; sid:100001735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.167.39"; classtype:trojan-activity; sid:100001736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.199.235"; classtype:trojan-activity; sid:100001737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.42.161"; classtype:trojan-activity; sid:100001738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.131.65.193"; classtype:trojan-activity; sid:100001739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.132.20.116"; classtype:trojan-activity; sid:100001740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.132.3.214"; classtype:trojan-activity; sid:100001741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.133.144.35"; classtype:trojan-activity; sid:100001742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.135.20.93"; classtype:trojan-activity; sid:100001743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.135.68.181"; classtype:trojan-activity; sid:100001744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.153.136.175"; classtype:trojan-activity; sid:100001745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.153.236.6"; classtype:trojan-activity; sid:100001746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.160.126.238"; classtype:trojan-activity; sid:100001747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.163.103.216"; classtype:trojan-activity; sid:100001748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.163.136.183"; classtype:trojan-activity; sid:100001749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.163.14.145"; classtype:trojan-activity; sid:100001750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.163.32.147"; classtype:trojan-activity; sid:100001751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.163.44.229"; classtype:trojan-activity; sid:100001752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.163.75.189"; classtype:trojan-activity; sid:100001753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.163.86.138"; classtype:trojan-activity; sid:100001754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.165.137.20"; classtype:trojan-activity; sid:100001755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.165.142.3"; classtype:trojan-activity; sid:100001756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.165.28.208"; classtype:trojan-activity; sid:100001757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.187.111.160"; classtype:trojan-activity; sid:100001758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.218.130.57"; classtype:trojan-activity; sid:100001759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.218.130.81"; classtype:trojan-activity; sid:100001760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.228.109.63"; classtype:trojan-activity; sid:100001761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.228.202.97"; classtype:trojan-activity; sid:100001762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.234.7.127"; classtype:trojan-activity; sid:100001763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.235.180.166"; classtype:trojan-activity; sid:100001764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.44.91.1"; classtype:trojan-activity; sid:100001765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.6.14.103"; classtype:trojan-activity; sid:100001766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.6.14.122"; classtype:trojan-activity; sid:100001767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.6.3.177"; classtype:trojan-activity; sid:100001768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.80.46.73"; classtype:trojan-activity; sid:100001769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.91.184.98"; classtype:trojan-activity; sid:100001770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.91.21.215"; classtype:trojan-activity; sid:100001771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.91.237.188"; classtype:trojan-activity; sid:100001772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.91.6.225"; classtype:trojan-activity; sid:100001773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"124.91.7.129"; classtype:trojan-activity; sid:100001774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.105.121.141"; classtype:trojan-activity; sid:100001775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.105.52.134"; classtype:trojan-activity; sid:100001776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.105.56.207"; classtype:trojan-activity; sid:100001777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.106.103.253"; classtype:trojan-activity; sid:100001778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.109.5.255"; classtype:trojan-activity; sid:100001779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.119.114.89"; classtype:trojan-activity; sid:100001780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.125.230.25"; classtype:trojan-activity; sid:100001781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.138.52.199"; classtype:trojan-activity; sid:100001782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.138.58.177"; classtype:trojan-activity; sid:100001783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.139.81.178"; classtype:trojan-activity; sid:100001784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.140.189.95"; classtype:trojan-activity; sid:100001785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.141.5.251"; classtype:trojan-activity; sid:100001786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.168.190.111"; classtype:trojan-activity; sid:100001787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.168.248.100"; classtype:trojan-activity; sid:100001788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.180.158.50"; classtype:trojan-activity; sid:100001789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.211.151.117"; classtype:trojan-activity; sid:100001790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.228.97.112"; classtype:trojan-activity; sid:100001791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.25.110.194"; classtype:trojan-activity; sid:100001792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.36.191.20"; classtype:trojan-activity; sid:100001793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.37.77.153"; classtype:trojan-activity; sid:100001794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.38.187.11"; classtype:trojan-activity; sid:100001795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.38.190.131"; classtype:trojan-activity; sid:100001796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.40.1.86"; classtype:trojan-activity; sid:100001797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.40.115.237"; classtype:trojan-activity; sid:100001798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.40.121.53"; classtype:trojan-activity; sid:100001799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.40.139.91"; classtype:trojan-activity; sid:100001800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.40.146.197"; classtype:trojan-activity; sid:100001801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.40.154.164"; classtype:trojan-activity; sid:100001802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.40.31.144"; classtype:trojan-activity; sid:100001803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.129.41"; classtype:trojan-activity; sid:100001804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.135.48"; classtype:trojan-activity; sid:100001805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.14.246"; classtype:trojan-activity; sid:100001806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.15.147"; classtype:trojan-activity; sid:100001807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.2.101"; classtype:trojan-activity; sid:100001808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.208.240"; classtype:trojan-activity; sid:100001809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.221.157"; classtype:trojan-activity; sid:100001810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.226.234"; classtype:trojan-activity; sid:100001811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.6.26"; classtype:trojan-activity; sid:100001812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.79.10"; classtype:trojan-activity; sid:100001813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.86.151"; classtype:trojan-activity; sid:100001814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.41.97.198"; classtype:trojan-activity; sid:100001815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.42.120.16"; classtype:trojan-activity; sid:100001816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.42.197.53"; classtype:trojan-activity; sid:100001817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.42.237.59"; classtype:trojan-activity; sid:100001818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.42.239.69"; classtype:trojan-activity; sid:100001819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.42.97.223"; classtype:trojan-activity; sid:100001820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.127.151"; classtype:trojan-activity; sid:100001821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.19.185"; classtype:trojan-activity; sid:100001822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.2.21"; classtype:trojan-activity; sid:100001823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.2.225"; classtype:trojan-activity; sid:100001824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.208.97"; classtype:trojan-activity; sid:100001825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.23.205"; classtype:trojan-activity; sid:100001826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.243.30"; classtype:trojan-activity; sid:100001827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.25.222"; classtype:trojan-activity; sid:100001828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.64.25"; classtype:trojan-activity; sid:100001829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.73.174"; classtype:trojan-activity; sid:100001830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.75.130"; classtype:trojan-activity; sid:100001831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.8.239"; classtype:trojan-activity; sid:100001832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.81.2"; classtype:trojan-activity; sid:100001833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.90.63"; classtype:trojan-activity; sid:100001834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.94.112"; classtype:trojan-activity; sid:100001835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.43.94.228"; classtype:trojan-activity; sid:100001836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.10.71"; classtype:trojan-activity; sid:100001837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.11.79"; classtype:trojan-activity; sid:100001838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.15.16"; classtype:trojan-activity; sid:100001839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.15.209"; classtype:trojan-activity; sid:100001840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.169.63"; classtype:trojan-activity; sid:100001841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.194.149"; classtype:trojan-activity; sid:100001842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.199.49"; classtype:trojan-activity; sid:100001843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.211.186"; classtype:trojan-activity; sid:100001844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.213.68"; classtype:trojan-activity; sid:100001845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.214.233"; classtype:trojan-activity; sid:100001846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.214.77"; classtype:trojan-activity; sid:100001847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.219.171"; classtype:trojan-activity; sid:100001848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.243.74"; classtype:trojan-activity; sid:100001849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.244.70"; classtype:trojan-activity; sid:100001850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.250.33"; classtype:trojan-activity; sid:100001851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.34.72"; classtype:trojan-activity; sid:100001852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.60.28"; classtype:trojan-activity; sid:100001853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.68.126"; classtype:trojan-activity; sid:100001854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.44.73.237"; classtype:trojan-activity; sid:100001855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.121.191"; classtype:trojan-activity; sid:100001856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.122.21"; classtype:trojan-activity; sid:100001857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.187.58"; classtype:trojan-activity; sid:100001858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.200.68"; classtype:trojan-activity; sid:100001859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.50.209"; classtype:trojan-activity; sid:100001860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.67.196"; classtype:trojan-activity; sid:100001861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.82.6"; classtype:trojan-activity; sid:100001862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.89.140"; classtype:trojan-activity; sid:100001863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.45.99.17"; classtype:trojan-activity; sid:100001864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.136.195"; classtype:trojan-activity; sid:100001865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.136.45"; classtype:trojan-activity; sid:100001866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.139.117"; classtype:trojan-activity; sid:100001867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.161.99"; classtype:trojan-activity; sid:100001868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.162.112"; classtype:trojan-activity; sid:100001869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.185.194"; classtype:trojan-activity; sid:100001870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.185.53"; classtype:trojan-activity; sid:100001871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.190.125"; classtype:trojan-activity; sid:100001872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.211.127"; classtype:trojan-activity; sid:100001873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.46.220.92"; classtype:trojan-activity; sid:100001874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.201.75"; classtype:trojan-activity; sid:100001875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.202.129"; classtype:trojan-activity; sid:100001876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.206.250"; classtype:trojan-activity; sid:100001877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.21.244"; classtype:trojan-activity; sid:100001878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.219.177"; classtype:trojan-activity; sid:100001879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.223.200"; classtype:trojan-activity; sid:100001880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.240.148"; classtype:trojan-activity; sid:100001881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.240.255"; classtype:trojan-activity; sid:100001882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.244.207"; classtype:trojan-activity; sid:100001883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.245.74"; classtype:trojan-activity; sid:100001884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.248.177"; classtype:trojan-activity; sid:100001885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.248.3"; classtype:trojan-activity; sid:100001886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.251.102"; classtype:trojan-activity; sid:100001887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.252.108"; classtype:trojan-activity; sid:100001888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.252.58"; classtype:trojan-activity; sid:100001889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.254.192"; classtype:trojan-activity; sid:100001890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.254.3"; classtype:trojan-activity; sid:100001891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.38.3"; classtype:trojan-activity; sid:100001892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.50.232"; classtype:trojan-activity; sid:100001893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.51.38"; classtype:trojan-activity; sid:100001894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.56.34"; classtype:trojan-activity; sid:100001895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.66.94"; classtype:trojan-activity; sid:100001896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.67.244"; classtype:trojan-activity; sid:100001897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.88.28"; classtype:trojan-activity; sid:100001898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.91.168"; classtype:trojan-activity; sid:100001899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.91.178"; classtype:trojan-activity; sid:100001900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.47.94.20"; classtype:trojan-activity; sid:100001901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.78.227.221"; classtype:trojan-activity; sid:100001902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.78.227.92"; classtype:trojan-activity; sid:100001903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"125.86.176.43"; classtype:trojan-activity; sid:100001904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"128.116.228.168"; classtype:trojan-activity; sid:100001905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"13.92.100.208"; classtype:trojan-activity; sid:100001906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"130.255.159.133"; classtype:trojan-activity; sid:100001907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"131.100.38.12"; classtype:trojan-activity; sid:100001908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"134.236.252.28"; classtype:trojan-activity; sid:100001909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"135.125.205.204"; classtype:trojan-activity; sid:100001910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"136.144.41.117"; classtype:trojan-activity; sid:100001911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"136.144.41.128"; classtype:trojan-activity; sid:100001912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"136.144.41.29"; classtype:trojan-activity; sid:100001913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"137.175.56.104"; classtype:trojan-activity; sid:100001914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"138.99.204.224"; classtype:trojan-activity; sid:100001915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"139.170.238.217"; classtype:trojan-activity; sid:100001916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"139.190.238.147"; classtype:trojan-activity; sid:100001917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"139.190.238.154"; classtype:trojan-activity; sid:100001918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"139.216.102.151"; classtype:trojan-activity; sid:100001919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"139.216.232.124"; classtype:trojan-activity; sid:100001920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.102.17.222"; classtype:trojan-activity; sid:100001921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.110.235.226"; classtype:trojan-activity; sid:100001922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.146.92.249"; classtype:trojan-activity; sid:100001923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.154.31.69"; classtype:trojan-activity; sid:100001924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.160.189.110"; classtype:trojan-activity; sid:100001925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.160.189.216"; classtype:trojan-activity; sid:100001926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.160.189.245"; classtype:trojan-activity; sid:100001927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.160.189.67"; classtype:trojan-activity; sid:100001928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.160.189.89"; classtype:trojan-activity; sid:100001929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.160.24.71"; classtype:trojan-activity; sid:100001930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.161.197.189"; classtype:trojan-activity; sid:100001931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.176.141.107"; classtype:trojan-activity; sid:100001932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.183.40.27"; classtype:trojan-activity; sid:100001933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.188.107.239"; classtype:trojan-activity; sid:100001934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.189.246.160"; classtype:trojan-activity; sid:100001935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.192.1.4"; classtype:trojan-activity; sid:100001936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.192.207.134"; classtype:trojan-activity; sid:100001937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.230.135.134"; classtype:trojan-activity; sid:100001938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.230.66.199"; classtype:trojan-activity; sid:100001939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.231.145.66"; classtype:trojan-activity; sid:100001940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.232.223.58"; classtype:trojan-activity; sid:100001941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.240.51.201"; classtype:trojan-activity; sid:100001942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.240.54.201"; classtype:trojan-activity; sid:100001943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.241.227.216"; classtype:trojan-activity; sid:100001944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.242.200.229"; classtype:trojan-activity; sid:100001945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.242.231.130"; classtype:trojan-activity; sid:100001946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.244.14.219"; classtype:trojan-activity; sid:100001947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.252.246.234"; classtype:trojan-activity; sid:100001948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.252.64.191"; classtype:trojan-activity; sid:100001949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.253.12.177"; classtype:trojan-activity; sid:100001950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.32.224.137"; classtype:trojan-activity; sid:100001951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.32.54.142"; classtype:trojan-activity; sid:100001952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.34.75.195"; classtype:trojan-activity; sid:100001953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.37.222.190"; classtype:trojan-activity; sid:100001954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.37.24.72"; classtype:trojan-activity; sid:100001955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.42.160.123"; classtype:trojan-activity; sid:100001956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.45.127.110"; classtype:trojan-activity; sid:100001957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.45.92.92"; classtype:trojan-activity; sid:100001958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.46.25.17"; classtype:trojan-activity; sid:100001959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.49.81.41"; classtype:trojan-activity; sid:100001960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.50.129.248"; classtype:trojan-activity; sid:100001961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.54.91.154"; classtype:trojan-activity; sid:100001962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.98.184.178"; classtype:trojan-activity; sid:100001963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"140.237.28.86"; classtype:trojan-activity; sid:100001964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"140.237.7.242"; classtype:trojan-activity; sid:100001965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"140.237.8.242"; classtype:trojan-activity; sid:100001966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"141.94.124.121"; classtype:trojan-activity; sid:100001967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"142.255.48.233"; classtype:trojan-activity; sid:100001968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"143.255.167.37"; classtype:trojan-activity; sid:100001969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"143.255.167.42"; classtype:trojan-activity; sid:100001970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"144.129.175.204"; classtype:trojan-activity; sid:100001971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"144.139.130.6"; classtype:trojan-activity; sid:100001972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"146.196.121.62"; classtype:trojan-activity; sid:100001973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"146.196.67.61"; classtype:trojan-activity; sid:100001974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"147.182.189.24"; classtype:trojan-activity; sid:100001975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149.20.176.179"; classtype:trojan-activity; sid:100001976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149.3.110.19"; classtype:trojan-activity; sid:100001977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149.3.36.174"; classtype:trojan-activity; sid:100001978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149.3.73.210"; classtype:trojan-activity; sid:100001979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"150.107.92.135"; classtype:trojan-activity; sid:100001980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"150.129.248.112"; classtype:trojan-activity; sid:100001981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"152.238.203.47"; classtype:trojan-activity; sid:100001982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"152.67.63.150"; classtype:trojan-activity; sid:100001983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.0.60.44"; classtype:trojan-activity; sid:100001984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.101.39.90"; classtype:trojan-activity; sid:100001985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.101.9.101"; classtype:trojan-activity; sid:100001986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.3.130.2"; classtype:trojan-activity; sid:100001987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.3.139.27"; classtype:trojan-activity; sid:100001988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.3.28.233"; classtype:trojan-activity; sid:100001989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.3.29.28"; classtype:trojan-activity; sid:100001990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.3.65.229"; classtype:trojan-activity; sid:100001991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.37.121.147"; classtype:trojan-activity; sid:100001992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.37.141.147"; classtype:trojan-activity; sid:100001993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"153.99.202.8"; classtype:trojan-activity; sid:100001994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"154.16.118.104"; classtype:trojan-activity; sid:100001995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"154.192.232.220"; classtype:trojan-activity; sid:100001996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"154.192.55.227"; classtype:trojan-activity; sid:100001997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"155.94.142.170"; classtype:trojan-activity; sid:100001998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"155.94.228.223"; classtype:trojan-activity; sid:100001999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"158.101.165.14"; classtype:trojan-activity; sid:100002000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"158.174.218.29"; classtype:trojan-activity; sid:100002001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"158.222.165.33"; classtype:trojan-activity; sid:100002002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"159.196.204.38"; classtype:trojan-activity; sid:100002003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"160.155.16.204"; classtype:trojan-activity; sid:100002004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.155.192.189"; classtype:trojan-activity; sid:100002005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.191.249.195"; classtype:trojan-activity; sid:100002006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.194.28.60"; classtype:trojan-activity; sid:100002007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.199.213.252"; classtype:trojan-activity; sid:100002008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.209.98.174"; classtype:trojan-activity; sid:100002009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.224.157.135"; classtype:trojan-activity; sid:100002010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.231.198.11"; classtype:trojan-activity; sid:100002011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.238.152.19"; classtype:trojan-activity; sid:100002012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.245.190.59"; classtype:trojan-activity; sid:100002013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"162.251.58.131"; classtype:trojan-activity; sid:100002014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.181.28"; classtype:trojan-activity; sid:100002015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.238.102"; classtype:trojan-activity; sid:100002016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.246.1"; classtype:trojan-activity; sid:100002017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.42.162"; classtype:trojan-activity; sid:100002018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.42.77"; classtype:trojan-activity; sid:100002019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.62.152"; classtype:trojan-activity; sid:100002020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.75.57"; classtype:trojan-activity; sid:100002021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.80.66"; classtype:trojan-activity; sid:100002022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.82.73"; classtype:trojan-activity; sid:100002023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.125.95.98"; classtype:trojan-activity; sid:100002024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.142.120.126"; classtype:trojan-activity; sid:100002025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.142.121.15"; classtype:trojan-activity; sid:100002026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.142.121.29"; classtype:trojan-activity; sid:100002027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.142.122.217"; classtype:trojan-activity; sid:100002028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.142.122.4"; classtype:trojan-activity; sid:100002029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.142.228.100"; classtype:trojan-activity; sid:100002030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.160.153"; classtype:trojan-activity; sid:100002031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.161.101"; classtype:trojan-activity; sid:100002032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.162.124"; classtype:trojan-activity; sid:100002033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.162.36"; classtype:trojan-activity; sid:100002034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.162.88"; classtype:trojan-activity; sid:100002035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.165.165"; classtype:trojan-activity; sid:100002036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.165.47"; classtype:trojan-activity; sid:100002037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.166.147"; classtype:trojan-activity; sid:100002038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.167.244"; classtype:trojan-activity; sid:100002039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.169.177"; classtype:trojan-activity; sid:100002040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.169.181"; classtype:trojan-activity; sid:100002041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.171.30"; classtype:trojan-activity; sid:100002042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.172.32"; classtype:trojan-activity; sid:100002043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.172.89"; classtype:trojan-activity; sid:100002044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.172.95"; classtype:trojan-activity; sid:100002045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.173.176"; classtype:trojan-activity; sid:100002046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.173.47"; classtype:trojan-activity; sid:100002047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.217.3"; classtype:trojan-activity; sid:100002048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.217.97"; classtype:trojan-activity; sid:100002049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.232.23"; classtype:trojan-activity; sid:100002050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.233.151"; classtype:trojan-activity; sid:100002051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.233.203"; classtype:trojan-activity; sid:100002052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.233.219"; classtype:trojan-activity; sid:100002053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.179.234.202"; classtype:trojan-activity; sid:100002054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.208.247"; classtype:trojan-activity; sid:100002055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.208.33"; classtype:trojan-activity; sid:100002056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.209.226"; classtype:trojan-activity; sid:100002057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.210.149"; classtype:trojan-activity; sid:100002058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.214.229"; classtype:trojan-activity; sid:100002059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.214.239"; classtype:trojan-activity; sid:100002060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.216.112"; classtype:trojan-activity; sid:100002061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.217.61"; classtype:trojan-activity; sid:100002062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.220.128"; classtype:trojan-activity; sid:100002063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.220.144"; classtype:trojan-activity; sid:100002064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.221.224"; classtype:trojan-activity; sid:100002065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.223.187"; classtype:trojan-activity; sid:100002066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.80.171"; classtype:trojan-activity; sid:100002067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.80.91"; classtype:trojan-activity; sid:100002068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.81.180"; classtype:trojan-activity; sid:100002069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"163.204.81.220"; classtype:trojan-activity; sid:100002070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"164.160.111.156"; classtype:trojan-activity; sid:100002071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"166.0.133.125"; classtype:trojan-activity; sid:100002072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"168.121.239.172"; classtype:trojan-activity; sid:100002073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"170.78.39.17"; classtype:trojan-activity; sid:100002074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"170.78.39.50"; classtype:trojan-activity; sid:100002075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"170.78.39.79"; classtype:trojan-activity; sid:100002076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.104.127.113"; classtype:trojan-activity; sid:100002077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.112.39.15"; classtype:trojan-activity; sid:100002078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.117.191.5"; classtype:trojan-activity; sid:100002079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.121.255.12"; classtype:trojan-activity; sid:100002080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.123.152.183"; classtype:trojan-activity; sid:100002081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.123.217.253"; classtype:trojan-activity; sid:100002082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.123.41.133"; classtype:trojan-activity; sid:100002083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.100.50"; classtype:trojan-activity; sid:100002084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.15.239"; classtype:trojan-activity; sid:100002085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.16.192"; classtype:trojan-activity; sid:100002086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.181.157"; classtype:trojan-activity; sid:100002087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.232.219"; classtype:trojan-activity; sid:100002088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.236.7"; classtype:trojan-activity; sid:100002089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.241.217"; classtype:trojan-activity; sid:100002090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.25.76"; classtype:trojan-activity; sid:100002091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.27.12"; classtype:trojan-activity; sid:100002092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.33.17"; classtype:trojan-activity; sid:100002093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.40.100"; classtype:trojan-activity; sid:100002094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.125.95.32"; classtype:trojan-activity; sid:100002095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.227.95.53"; classtype:trojan-activity; sid:100002096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.34.178.38"; classtype:trojan-activity; sid:100002097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.160.144"; classtype:trojan-activity; sid:100002098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.161.209"; classtype:trojan-activity; sid:100002099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.166.12"; classtype:trojan-activity; sid:100002100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.166.199"; classtype:trojan-activity; sid:100002101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.167.128"; classtype:trojan-activity; sid:100002102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.169.159"; classtype:trojan-activity; sid:100002103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.170.65"; classtype:trojan-activity; sid:100002104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.173.186"; classtype:trojan-activity; sid:100002105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.173.70"; classtype:trojan-activity; sid:100002106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.174.7"; classtype:trojan-activity; sid:100002107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.35.174.76"; classtype:trojan-activity; sid:100002108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.36.7.193"; classtype:trojan-activity; sid:100002109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.37.1.96"; classtype:trojan-activity; sid:100002110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.37.29.87"; classtype:trojan-activity; sid:100002111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.37.78.140"; classtype:trojan-activity; sid:100002112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.38.144.48"; classtype:trojan-activity; sid:100002113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.38.146.100"; classtype:trojan-activity; sid:100002114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.38.151.234"; classtype:trojan-activity; sid:100002115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.38.192.174"; classtype:trojan-activity; sid:100002116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.38.193.146"; classtype:trojan-activity; sid:100002117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.38.219.132"; classtype:trojan-activity; sid:100002118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.38.219.151"; classtype:trojan-activity; sid:100002119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.40.183.55"; classtype:trojan-activity; sid:100002120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.40.92.223"; classtype:trojan-activity; sid:100002121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.42.165.182"; classtype:trojan-activity; sid:100002122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.42.65.165"; classtype:trojan-activity; sid:100002123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.43.32.218"; classtype:trojan-activity; sid:100002124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.44.253.186"; classtype:trojan-activity; sid:100002125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.44.253.240"; classtype:trojan-activity; sid:100002126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"171.83.224.78"; classtype:trojan-activity; sid:100002127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"172.105.36.168"; classtype:trojan-activity; sid:100002128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"172.245.163.145"; classtype:trojan-activity; sid:100002129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"172.245.26.145"; classtype:trojan-activity; sid:100002130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"172.88.228.41"; classtype:trojan-activity; sid:100002131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.14.69.161"; classtype:trojan-activity; sid:100002132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.166.207.109"; classtype:trojan-activity; sid:100002133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.169.46.85"; classtype:trojan-activity; sid:100002134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.220.222.227"; classtype:trojan-activity; sid:100002135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.25.113.8"; classtype:trojan-activity; sid:100002136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.52.95.134"; classtype:trojan-activity; sid:100002137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.52.97.25"; classtype:trojan-activity; sid:100002138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.56.92.166"; classtype:trojan-activity; sid:100002139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.63.39.192"; classtype:trojan-activity; sid:100002140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.68.158.62"; classtype:trojan-activity; sid:100002141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.75.221.14"; classtype:trojan-activity; sid:100002142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.77.217.250"; classtype:trojan-activity; sid:100002143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"174.106.33.85"; classtype:trojan-activity; sid:100002144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"174.61.3.149"; classtype:trojan-activity; sid:100002145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"174.81.78.7"; classtype:trojan-activity; sid:100002146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.0.37.116"; classtype:trojan-activity; sid:100002147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.0.61.132"; classtype:trojan-activity; sid:100002148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.0.62.78"; classtype:trojan-activity; sid:100002149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.0.63.59"; classtype:trojan-activity; sid:100002150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.13.252"; classtype:trojan-activity; sid:100002151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.18.12"; classtype:trojan-activity; sid:100002152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.19.32"; classtype:trojan-activity; sid:100002153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.212.67"; classtype:trojan-activity; sid:100002154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.214.122"; classtype:trojan-activity; sid:100002155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.243.83"; classtype:trojan-activity; sid:100002156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.50.121"; classtype:trojan-activity; sid:100002157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.10.85.238"; classtype:trojan-activity; sid:100002158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.170.43"; classtype:trojan-activity; sid:100002159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.20.137"; classtype:trojan-activity; sid:100002160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.20.220"; classtype:trojan-activity; sid:100002161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.200.30"; classtype:trojan-activity; sid:100002162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.200.48"; classtype:trojan-activity; sid:100002163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.202.144"; classtype:trojan-activity; sid:100002164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.212.128"; classtype:trojan-activity; sid:100002165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.231.149"; classtype:trojan-activity; sid:100002166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.52.243"; classtype:trojan-activity; sid:100002167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.52.47"; classtype:trojan-activity; sid:100002168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.53.24"; classtype:trojan-activity; sid:100002169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.70.125"; classtype:trojan-activity; sid:100002170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.11.8.117"; classtype:trojan-activity; sid:100002171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.113.50.233"; classtype:trojan-activity; sid:100002172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.113.50.236"; classtype:trojan-activity; sid:100002173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.13.0.205"; classtype:trojan-activity; sid:100002174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.13.32.118"; classtype:trojan-activity; sid:100002175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.151.64.32"; classtype:trojan-activity; sid:100002176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.155.175.199"; classtype:trojan-activity; sid:100002177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.155.175.226"; classtype:trojan-activity; sid:100002178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.161.162.2"; classtype:trojan-activity; sid:100002179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.163.78.173"; classtype:trojan-activity; sid:100002180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.164.164.175"; classtype:trojan-activity; sid:100002181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.166.251.29"; classtype:trojan-activity; sid:100002182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.168.237.206"; classtype:trojan-activity; sid:100002183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.169.22.244"; classtype:trojan-activity; sid:100002184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.172.11.210"; classtype:trojan-activity; sid:100002185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.172.38.44"; classtype:trojan-activity; sid:100002186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.174.94.21"; classtype:trojan-activity; sid:100002187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.180.143.82"; classtype:trojan-activity; sid:100002188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.182.254.177"; classtype:trojan-activity; sid:100002189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.182.254.205"; classtype:trojan-activity; sid:100002190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.182.71.20"; classtype:trojan-activity; sid:100002191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.201.20.97"; classtype:trojan-activity; sid:100002192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.202.73.59"; classtype:trojan-activity; sid:100002193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.203.192.16"; classtype:trojan-activity; sid:100002194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.21.155.82"; classtype:trojan-activity; sid:100002195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.211.131.73"; classtype:trojan-activity; sid:100002196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.212.195.193"; classtype:trojan-activity; sid:100002197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.213.25.192"; classtype:trojan-activity; sid:100002198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.30.130.108"; classtype:trojan-activity; sid:100002199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.43.146.80"; classtype:trojan-activity; sid:100002200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.8.28.202"; classtype:trojan-activity; sid:100002201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.8.31.2"; classtype:trojan-activity; sid:100002202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.9.171.142"; classtype:trojan-activity; sid:100002203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.9.171.153"; classtype:trojan-activity; sid:100002204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.9.218.239"; classtype:trojan-activity; sid:100002205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.9.221.14"; classtype:trojan-activity; sid:100002206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.9.252.38"; classtype:trojan-activity; sid:100002207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"175.9.54.227"; classtype:trojan-activity; sid:100002208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.103.16.71"; classtype:trojan-activity; sid:100002209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.111.215.88"; classtype:trojan-activity; sid:100002210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.12.117.66"; classtype:trojan-activity; sid:100002211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.12.117.70"; classtype:trojan-activity; sid:100002212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.120.63.5"; classtype:trojan-activity; sid:100002213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.123.5.44"; classtype:trojan-activity; sid:100002214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.123.6.196"; classtype:trojan-activity; sid:100002215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.123.7.127"; classtype:trojan-activity; sid:100002216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.124.185.201"; classtype:trojan-activity; sid:100002217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.126.175.205"; classtype:trojan-activity; sid:100002218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.240.18.92"; classtype:trojan-activity; sid:100002219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"176.35.202.86"; classtype:trojan-activity; sid:100002220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"177.131.226.235"; classtype:trojan-activity; sid:100002221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"177.189.222.41"; classtype:trojan-activity; sid:100002222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"177.204.104.140"; classtype:trojan-activity; sid:100002223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"177.54.82.154"; classtype:trojan-activity; sid:100002224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"177.67.5.139"; classtype:trojan-activity; sid:100002225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.118.210.151"; classtype:trojan-activity; sid:100002226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.134.185.75"; classtype:trojan-activity; sid:100002227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.110.252"; classtype:trojan-activity; sid:100002228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.141.39"; classtype:trojan-activity; sid:100002229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.195.182"; classtype:trojan-activity; sid:100002230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.4.56"; classtype:trojan-activity; sid:100002231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.55.149"; classtype:trojan-activity; sid:100002232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.76.39"; classtype:trojan-activity; sid:100002233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.95.188"; classtype:trojan-activity; sid:100002234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.141.98.116"; classtype:trojan-activity; sid:100002235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.150.174.65"; classtype:trojan-activity; sid:100002236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.19.183.14"; classtype:trojan-activity; sid:100002237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.21.164.68"; classtype:trojan-activity; sid:100002238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.214.220.106"; classtype:trojan-activity; sid:100002239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.222.252.130"; classtype:trojan-activity; sid:100002240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.34.183.30"; classtype:trojan-activity; sid:100002241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.72.91.172"; classtype:trojan-activity; sid:100002242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"179.228.243.21"; classtype:trojan-activity; sid:100002243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"179.42.124.105"; classtype:trojan-activity; sid:100002244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"179.43.175.58"; classtype:trojan-activity; sid:100002245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.105.239.54"; classtype:trojan-activity; sid:100002246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.112.228.185"; classtype:trojan-activity; sid:100002247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.113.170.207"; classtype:trojan-activity; sid:100002248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.114.4.219"; classtype:trojan-activity; sid:100002249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.115.116.13"; classtype:trojan-activity; sid:100002250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.115.168.241"; classtype:trojan-activity; sid:100002251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.115.201.177"; classtype:trojan-activity; sid:100002252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.116.121.144"; classtype:trojan-activity; sid:100002253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.116.47.164"; classtype:trojan-activity; sid:100002254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.116.48.230"; classtype:trojan-activity; sid:100002255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.116.54.151"; classtype:trojan-activity; sid:100002256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.117.103.34"; classtype:trojan-activity; sid:100002257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.117.194.99"; classtype:trojan-activity; sid:100002258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.125.113.156"; classtype:trojan-activity; sid:100002259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.125.173.209"; classtype:trojan-activity; sid:100002260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.126.255.209"; classtype:trojan-activity; sid:100002261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.137.148.52"; classtype:trojan-activity; sid:100002262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.162.223.10"; classtype:trojan-activity; sid:100002263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.163.61.172"; classtype:trojan-activity; sid:100002264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.165.113.116"; classtype:trojan-activity; sid:100002265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.176.105.41"; classtype:trojan-activity; sid:100002266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.176.165.230"; classtype:trojan-activity; sid:100002267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.176.214.171"; classtype:trojan-activity; sid:100002268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.176.245.129"; classtype:trojan-activity; sid:100002269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.176.96.248"; classtype:trojan-activity; sid:100002270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.104.65"; classtype:trojan-activity; sid:100002271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.180.6"; classtype:trojan-activity; sid:100002272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.190.153"; classtype:trojan-activity; sid:100002273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.212.149"; classtype:trojan-activity; sid:100002274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.241.113"; classtype:trojan-activity; sid:100002275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.242.73"; classtype:trojan-activity; sid:100002276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.246.35"; classtype:trojan-activity; sid:100002277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.5.36"; classtype:trojan-activity; sid:100002278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.177.82.113"; classtype:trojan-activity; sid:100002279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.180.217.199"; classtype:trojan-activity; sid:100002280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.214.239.85"; classtype:trojan-activity; sid:100002281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.218.153.71"; classtype:trojan-activity; sid:100002282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.218.5.171"; classtype:trojan-activity; sid:100002283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.248.80.38"; classtype:trojan-activity; sid:100002284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"180.250.7.106"; classtype:trojan-activity; sid:100002285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.112.138.154"; classtype:trojan-activity; sid:100002286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.112.218.238"; classtype:trojan-activity; sid:100002287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.112.218.6"; classtype:trojan-activity; sid:100002288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.129.124.42"; classtype:trojan-activity; sid:100002289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.129.137.29"; classtype:trojan-activity; sid:100002290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.143.60.163"; classtype:trojan-activity; sid:100002291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.188.105.127"; classtype:trojan-activity; sid:100002292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.196.241.210"; classtype:trojan-activity; sid:100002293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.199.170.210"; classtype:trojan-activity; sid:100002294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.199.170.222"; classtype:trojan-activity; sid:100002295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.199.170.230"; classtype:trojan-activity; sid:100002296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.199.170.240"; classtype:trojan-activity; sid:100002297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.211.190.10"; classtype:trojan-activity; sid:100002298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.224.242.131"; classtype:trojan-activity; sid:100002299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.48.241.226"; classtype:trojan-activity; sid:100002300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.49.225.83"; classtype:trojan-activity; sid:100002301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.49.236.4"; classtype:trojan-activity; sid:100002302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"181.49.59.162"; classtype:trojan-activity; sid:100002303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.112.0.44"; classtype:trojan-activity; sid:100002304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.112.15.67"; classtype:trojan-activity; sid:100002305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.112.52.158"; classtype:trojan-activity; sid:100002306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.112.57.95"; classtype:trojan-activity; sid:100002307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.113.15.49"; classtype:trojan-activity; sid:100002308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.113.207.191"; classtype:trojan-activity; sid:100002309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.113.212.103"; classtype:trojan-activity; sid:100002310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.113.4.170"; classtype:trojan-activity; sid:100002311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.100.164"; classtype:trojan-activity; sid:100002312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.103.187"; classtype:trojan-activity; sid:100002313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.108.31"; classtype:trojan-activity; sid:100002314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.126.23"; classtype:trojan-activity; sid:100002315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.169.254"; classtype:trojan-activity; sid:100002316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.194.200"; classtype:trojan-activity; sid:100002317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.199.179"; classtype:trojan-activity; sid:100002318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.248.94"; classtype:trojan-activity; sid:100002319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.251.117"; classtype:trojan-activity; sid:100002320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.254.248"; classtype:trojan-activity; sid:100002321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.31.156"; classtype:trojan-activity; sid:100002322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.59.33"; classtype:trojan-activity; sid:100002323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.77.31"; classtype:trojan-activity; sid:100002324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.80.128"; classtype:trojan-activity; sid:100002325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.91.192"; classtype:trojan-activity; sid:100002326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.95.176"; classtype:trojan-activity; sid:100002327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.114.97.242"; classtype:trojan-activity; sid:100002328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.115.240.129"; classtype:trojan-activity; sid:100002329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.101.132"; classtype:trojan-activity; sid:100002330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.104.99"; classtype:trojan-activity; sid:100002331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.105.143"; classtype:trojan-activity; sid:100002332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.105.44"; classtype:trojan-activity; sid:100002333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.108.55"; classtype:trojan-activity; sid:100002334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.109.4"; classtype:trojan-activity; sid:100002335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.111.243"; classtype:trojan-activity; sid:100002336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.112.175"; classtype:trojan-activity; sid:100002337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.120.29"; classtype:trojan-activity; sid:100002338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.122.31"; classtype:trojan-activity; sid:100002339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.209.238"; classtype:trojan-activity; sid:100002340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.251.58"; classtype:trojan-activity; sid:100002341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.38.185"; classtype:trojan-activity; sid:100002342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.46.253"; classtype:trojan-activity; sid:100002343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.69.25"; classtype:trojan-activity; sid:100002344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.70.163"; classtype:trojan-activity; sid:100002345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.83.251"; classtype:trojan-activity; sid:100002346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.96.148"; classtype:trojan-activity; sid:100002347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.99.235"; classtype:trojan-activity; sid:100002348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.116.99.237"; classtype:trojan-activity; sid:100002349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.1.232"; classtype:trojan-activity; sid:100002350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.115.215"; classtype:trojan-activity; sid:100002351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.124.60"; classtype:trojan-activity; sid:100002352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.130.61"; classtype:trojan-activity; sid:100002353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.160.122"; classtype:trojan-activity; sid:100002354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.163.51"; classtype:trojan-activity; sid:100002355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.166.14"; classtype:trojan-activity; sid:100002356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.41.198"; classtype:trojan-activity; sid:100002357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.42.178"; classtype:trojan-activity; sid:100002358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.42.243"; classtype:trojan-activity; sid:100002359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.48.237"; classtype:trojan-activity; sid:100002360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.51.206"; classtype:trojan-activity; sid:100002361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.117.83.47"; classtype:trojan-activity; sid:100002362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.118.141.152"; classtype:trojan-activity; sid:100002363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.118.244.3"; classtype:trojan-activity; sid:100002364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.100.70"; classtype:trojan-activity; sid:100002365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.11.182"; classtype:trojan-activity; sid:100002366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.110.93"; classtype:trojan-activity; sid:100002367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.111.239"; classtype:trojan-activity; sid:100002368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.119.123"; classtype:trojan-activity; sid:100002369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.136.5"; classtype:trojan-activity; sid:100002370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.161.57"; classtype:trojan-activity; sid:100002371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.165.127"; classtype:trojan-activity; sid:100002372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.176.132"; classtype:trojan-activity; sid:100002373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.178.176"; classtype:trojan-activity; sid:100002374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.198.202"; classtype:trojan-activity; sid:100002375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.205.156"; classtype:trojan-activity; sid:100002376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.209.222"; classtype:trojan-activity; sid:100002377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.210.215"; classtype:trojan-activity; sid:100002378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.214.97"; classtype:trojan-activity; sid:100002379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.218.24"; classtype:trojan-activity; sid:100002380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.219.126"; classtype:trojan-activity; sid:100002381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.220.232"; classtype:trojan-activity; sid:100002382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.224.192"; classtype:trojan-activity; sid:100002383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.224.253"; classtype:trojan-activity; sid:100002384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.230.239"; classtype:trojan-activity; sid:100002385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.248.72"; classtype:trojan-activity; sid:100002386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.251.57"; classtype:trojan-activity; sid:100002387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.119.53.161"; classtype:trojan-activity; sid:100002388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.120.13.198"; classtype:trojan-activity; sid:100002389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.120.32.173"; classtype:trojan-activity; sid:100002390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.120.59.55"; classtype:trojan-activity; sid:100002391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.111.91"; classtype:trojan-activity; sid:100002392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.125.249"; classtype:trojan-activity; sid:100002393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.132.168"; classtype:trojan-activity; sid:100002394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.135.16"; classtype:trojan-activity; sid:100002395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.146.51"; classtype:trojan-activity; sid:100002396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.153.31"; classtype:trojan-activity; sid:100002397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.153.79"; classtype:trojan-activity; sid:100002398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.154.246"; classtype:trojan-activity; sid:100002399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.155.55"; classtype:trojan-activity; sid:100002400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.156.218"; classtype:trojan-activity; sid:100002401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.158.208"; classtype:trojan-activity; sid:100002402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.171.235"; classtype:trojan-activity; sid:100002403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.18.224"; classtype:trojan-activity; sid:100002404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.188.219"; classtype:trojan-activity; sid:100002405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.19.193"; classtype:trojan-activity; sid:100002406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.209.58"; classtype:trojan-activity; sid:100002407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.23.57"; classtype:trojan-activity; sid:100002408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.235.188"; classtype:trojan-activity; sid:100002409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.240.33"; classtype:trojan-activity; sid:100002410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.244.162"; classtype:trojan-activity; sid:100002411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.25.6"; classtype:trojan-activity; sid:100002412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.30.225"; classtype:trojan-activity; sid:100002413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.45.108"; classtype:trojan-activity; sid:100002414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.46.72"; classtype:trojan-activity; sid:100002415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.55.206"; classtype:trojan-activity; sid:100002416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.68.48"; classtype:trojan-activity; sid:100002417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.82.146"; classtype:trojan-activity; sid:100002418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.82.246"; classtype:trojan-activity; sid:100002419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.84.153"; classtype:trojan-activity; sid:100002420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.91.31"; classtype:trojan-activity; sid:100002421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.121.92.210"; classtype:trojan-activity; sid:100002422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.122.126"; classtype:trojan-activity; sid:100002423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.125.93"; classtype:trojan-activity; sid:100002424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.127.86"; classtype:trojan-activity; sid:100002425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.201.247"; classtype:trojan-activity; sid:100002426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.209.43"; classtype:trojan-activity; sid:100002427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.210.52"; classtype:trojan-activity; sid:100002428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.211.40"; classtype:trojan-activity; sid:100002429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.225.90"; classtype:trojan-activity; sid:100002430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.228.190"; classtype:trojan-activity; sid:100002431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.122.61.250"; classtype:trojan-activity; sid:100002432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.123.165.116"; classtype:trojan-activity; sid:100002433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.123.193.126"; classtype:trojan-activity; sid:100002434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.123.214.19"; classtype:trojan-activity; sid:100002435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.123.245.121"; classtype:trojan-activity; sid:100002436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.123.253.48"; classtype:trojan-activity; sid:100002437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.123.255.133"; classtype:trojan-activity; sid:100002438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.1.132"; classtype:trojan-activity; sid:100002439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.113.234"; classtype:trojan-activity; sid:100002440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.136.155"; classtype:trojan-activity; sid:100002441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.147.96"; classtype:trojan-activity; sid:100002442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.148.97"; classtype:trojan-activity; sid:100002443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.172.136"; classtype:trojan-activity; sid:100002444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.173.12"; classtype:trojan-activity; sid:100002445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.182.209"; classtype:trojan-activity; sid:100002446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.58.64"; classtype:trojan-activity; sid:100002447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.124.63.42"; classtype:trojan-activity; sid:100002448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.110.236"; classtype:trojan-activity; sid:100002449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.126.90"; classtype:trojan-activity; sid:100002450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.127.154"; classtype:trojan-activity; sid:100002451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.127.183"; classtype:trojan-activity; sid:100002452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.127.84"; classtype:trojan-activity; sid:100002453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.130.46"; classtype:trojan-activity; sid:100002454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.215.59"; classtype:trojan-activity; sid:100002455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.22.5"; classtype:trojan-activity; sid:100002456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.82.249"; classtype:trojan-activity; sid:100002457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.87.103"; classtype:trojan-activity; sid:100002458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.87.126"; classtype:trojan-activity; sid:100002459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.88.28"; classtype:trojan-activity; sid:100002460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.93.135"; classtype:trojan-activity; sid:100002461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.126.94.202"; classtype:trojan-activity; sid:100002462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.1.250"; classtype:trojan-activity; sid:100002463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.110.133"; classtype:trojan-activity; sid:100002464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.114.224"; classtype:trojan-activity; sid:100002465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.124.145"; classtype:trojan-activity; sid:100002466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.138.25"; classtype:trojan-activity; sid:100002467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.138.27"; classtype:trojan-activity; sid:100002468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.152.194"; classtype:trojan-activity; sid:100002469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.155.177"; classtype:trojan-activity; sid:100002470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.155.190"; classtype:trojan-activity; sid:100002471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.156.115"; classtype:trojan-activity; sid:100002472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.156.153"; classtype:trojan-activity; sid:100002473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.17.173"; classtype:trojan-activity; sid:100002474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.211.235"; classtype:trojan-activity; sid:100002475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.240.37"; classtype:trojan-activity; sid:100002476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.66.174"; classtype:trojan-activity; sid:100002477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.127.67.219"; classtype:trojan-activity; sid:100002478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.160.98.250"; classtype:trojan-activity; sid:100002479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.166.180.194"; classtype:trojan-activity; sid:100002480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.207.216.8"; classtype:trojan-activity; sid:100002481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.235.248.190"; classtype:trojan-activity; sid:100002482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.235.248.204"; classtype:trojan-activity; sid:100002483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.235.250.223"; classtype:trojan-activity; sid:100002484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.253.205.235"; classtype:trojan-activity; sid:100002485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.52.51.215"; classtype:trojan-activity; sid:100002486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.53.197.62"; classtype:trojan-activity; sid:100002487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.58.189.2"; classtype:trojan-activity; sid:100002488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.59.185.60"; classtype:trojan-activity; sid:100002489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.59.228.121"; classtype:trojan-activity; sid:100002490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.59.47.20"; classtype:trojan-activity; sid:100002491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.93.54.42"; classtype:trojan-activity; sid:100002492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.104.255.139"; classtype:trojan-activity; sid:100002493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.108.201.171"; classtype:trojan-activity; sid:100002494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.109.144.84"; classtype:trojan-activity; sid:100002495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.109.169.45"; classtype:trojan-activity; sid:100002496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.136.33.104"; classtype:trojan-activity; sid:100002497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.142.96.244"; classtype:trojan-activity; sid:100002498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.145.10.15"; classtype:trojan-activity; sid:100002499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.148.40.223"; classtype:trojan-activity; sid:100002500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.148.54.253"; classtype:trojan-activity; sid:100002501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.15.126.197"; classtype:trojan-activity; sid:100002502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.15.88.68"; classtype:trojan-activity; sid:100002503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.150.148.34"; classtype:trojan-activity; sid:100002504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.150.80.11"; classtype:trojan-activity; sid:100002505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.151.193.14"; classtype:trojan-activity; sid:100002506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.151.98.141"; classtype:trojan-activity; sid:100002507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.158.41.145"; classtype:trojan-activity; sid:100002508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.17.145.80"; classtype:trojan-activity; sid:100002509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.186.179.229"; classtype:trojan-activity; sid:100002510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.186.24.95"; classtype:trojan-activity; sid:100002511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.132.112"; classtype:trojan-activity; sid:100002512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.134.234"; classtype:trojan-activity; sid:100002513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.138.204"; classtype:trojan-activity; sid:100002514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.140.37"; classtype:trojan-activity; sid:100002515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.144.145"; classtype:trojan-activity; sid:100002516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.153.203"; classtype:trojan-activity; sid:100002517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.159.209"; classtype:trojan-activity; sid:100002518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.207.230"; classtype:trojan-activity; sid:100002519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.207.71"; classtype:trojan-activity; sid:100002520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.229.215"; classtype:trojan-activity; sid:100002521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.23.184"; classtype:trojan-activity; sid:100002522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.238.63"; classtype:trojan-activity; sid:100002523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.45.152"; classtype:trojan-activity; sid:100002524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.58.87"; classtype:trojan-activity; sid:100002525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.70.128"; classtype:trojan-activity; sid:100002526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.81.42"; classtype:trojan-activity; sid:100002527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.89.86"; classtype:trojan-activity; sid:100002528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.188.91.54"; classtype:trojan-activity; sid:100002529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.250.157.159"; classtype:trojan-activity; sid:100002530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.50.41.106"; classtype:trojan-activity; sid:100002531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.80.86.20"; classtype:trojan-activity; sid:100002532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.92.132.103"; classtype:trojan-activity; sid:100002533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.95.123.240"; classtype:trojan-activity; sid:100002534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.97.139.14"; classtype:trojan-activity; sid:100002535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"183.99.18.203"; classtype:trojan-activity; sid:100002536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"184.175.115.10"; classtype:trojan-activity; sid:100002537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.101.105.173"; classtype:trojan-activity; sid:100002538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.106.209.68"; classtype:trojan-activity; sid:100002539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.107.0.213"; classtype:trojan-activity; sid:100002540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.107.96.180"; classtype:trojan-activity; sid:100002541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.12.78.161"; classtype:trojan-activity; sid:100002542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.138.123.179"; classtype:trojan-activity; sid:100002543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.153.199.169"; classtype:trojan-activity; sid:100002544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.154.196.87"; classtype:trojan-activity; sid:100002545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.157.168.198"; classtype:trojan-activity; sid:100002546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.18.7.19"; classtype:trojan-activity; sid:100002547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.190.90.50"; classtype:trojan-activity; sid:100002548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.191.246.45"; classtype:trojan-activity; sid:100002549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.198.57.75"; classtype:trojan-activity; sid:100002550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.215.113.25"; classtype:trojan-activity; sid:100002551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.215.113.36"; classtype:trojan-activity; sid:100002552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.215.113.77"; classtype:trojan-activity; sid:100002553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.220.204.102"; classtype:trojan-activity; sid:100002554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.220.48.223"; classtype:trojan-activity; sid:100002555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.221.3.244"; classtype:trojan-activity; sid:100002556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.222.57.162"; classtype:trojan-activity; sid:100002557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.222.57.177"; classtype:trojan-activity; sid:100002558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.222.57.85"; classtype:trojan-activity; sid:100002559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.228.141.74"; classtype:trojan-activity; sid:100002560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.23.175.7"; classtype:trojan-activity; sid:100002561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.238.123.74"; classtype:trojan-activity; sid:100002562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.241.236.251"; classtype:trojan-activity; sid:100002563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.243.56.167"; classtype:trojan-activity; sid:100002564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.26.113.95"; classtype:trojan-activity; sid:100002565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.64.208.48"; classtype:trojan-activity; sid:100002566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.81.157.186"; classtype:trojan-activity; sid:100002567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.90.166.56"; classtype:trojan-activity; sid:100002568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185.99.47.249"; classtype:trojan-activity; sid:100002569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.120.114.44"; classtype:trojan-activity; sid:100002570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.179.219.164"; classtype:trojan-activity; sid:100002571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.179.243.112"; classtype:trojan-activity; sid:100002572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.179.243.77"; classtype:trojan-activity; sid:100002573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.179.253.150"; classtype:trojan-activity; sid:100002574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.222.76.176"; classtype:trojan-activity; sid:100002575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.227.148.107"; classtype:trojan-activity; sid:100002576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.100.101"; classtype:trojan-activity; sid:100002577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.100.162"; classtype:trojan-activity; sid:100002578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.100.245"; classtype:trojan-activity; sid:100002579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.104.103"; classtype:trojan-activity; sid:100002580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.104.181"; classtype:trojan-activity; sid:100002581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.104.50"; classtype:trojan-activity; sid:100002582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.104.54"; classtype:trojan-activity; sid:100002583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.109.219"; classtype:trojan-activity; sid:100002584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.113.214"; classtype:trojan-activity; sid:100002585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.114.133"; classtype:trojan-activity; sid:100002586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.114.66"; classtype:trojan-activity; sid:100002587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.114.82"; classtype:trojan-activity; sid:100002588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.115.87"; classtype:trojan-activity; sid:100002589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.80.106"; classtype:trojan-activity; sid:100002590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.80.221"; classtype:trojan-activity; sid:100002591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.81.131"; classtype:trojan-activity; sid:100002592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.81.164"; classtype:trojan-activity; sid:100002593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.82.228"; classtype:trojan-activity; sid:100002594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.82.234"; classtype:trojan-activity; sid:100002595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.82.93"; classtype:trojan-activity; sid:100002596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.83.136"; classtype:trojan-activity; sid:100002597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.84.115"; classtype:trojan-activity; sid:100002598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.84.74"; classtype:trojan-activity; sid:100002599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.84.87"; classtype:trojan-activity; sid:100002600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.85.88"; classtype:trojan-activity; sid:100002601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.86.249"; classtype:trojan-activity; sid:100002602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.87.110"; classtype:trojan-activity; sid:100002603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.87.81"; classtype:trojan-activity; sid:100002604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.88.163"; classtype:trojan-activity; sid:100002605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.88.26"; classtype:trojan-activity; sid:100002606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.89.175"; classtype:trojan-activity; sid:100002607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.89.3"; classtype:trojan-activity; sid:100002608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.89.86"; classtype:trojan-activity; sid:100002609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.90.143"; classtype:trojan-activity; sid:100002610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.92.77"; classtype:trojan-activity; sid:100002611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.93.103"; classtype:trojan-activity; sid:100002612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.94.173"; classtype:trojan-activity; sid:100002613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.94.175"; classtype:trojan-activity; sid:100002614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.95.248"; classtype:trojan-activity; sid:100002615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.33.95.27"; classtype:trojan-activity; sid:100002616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.4.125.48"; classtype:trojan-activity; sid:100002617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.72.254.131"; classtype:trojan-activity; sid:100002618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.73.188.132"; classtype:trojan-activity; sid:100002619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.94.199.156"; classtype:trojan-activity; sid:100002620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"186.96.217.226"; classtype:trojan-activity; sid:100002621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"187.135.180.71"; classtype:trojan-activity; sid:100002622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"187.188.124.229"; classtype:trojan-activity; sid:100002623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"187.73.248.241"; classtype:trojan-activity; sid:100002624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.0.148.132"; classtype:trojan-activity; sid:100002625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.0.148.230"; classtype:trojan-activity; sid:100002626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.10.231.246"; classtype:trojan-activity; sid:100002627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.113.105.122"; classtype:trojan-activity; sid:100002628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.12.87.231"; classtype:trojan-activity; sid:100002629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.13.179.87"; classtype:trojan-activity; sid:100002630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.134.18.36"; classtype:trojan-activity; sid:100002631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.138.200.32"; classtype:trojan-activity; sid:100002632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.169.167.249"; classtype:trojan-activity; sid:100002633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.169.174.237"; classtype:trojan-activity; sid:100002634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.169.178.50"; classtype:trojan-activity; sid:100002635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.169.179.151"; classtype:trojan-activity; sid:100002636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.169.199.47"; classtype:trojan-activity; sid:100002637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.169.36.27"; classtype:trojan-activity; sid:100002638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.19.177.72"; classtype:trojan-activity; sid:100002639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.19.189.158"; classtype:trojan-activity; sid:100002640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.2.60.241"; classtype:trojan-activity; sid:100002641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.225.251.189"; classtype:trojan-activity; sid:100002642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.234.112.48"; classtype:trojan-activity; sid:100002643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.234.214.19"; classtype:trojan-activity; sid:100002644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.242.167.159"; classtype:trojan-activity; sid:100002645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.242.242.144"; classtype:trojan-activity; sid:100002646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"188.67.160.132"; classtype:trojan-activity; sid:100002647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"189.147.84.125"; classtype:trojan-activity; sid:100002648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"189.188.7.3"; classtype:trojan-activity; sid:100002649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"189.203.214.232"; classtype:trojan-activity; sid:100002650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"189.223.57.119"; classtype:trojan-activity; sid:100002651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"189.236.48.150"; classtype:trojan-activity; sid:100002652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"189.85.34.190"; classtype:trojan-activity; sid:100002653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.0.42.106"; classtype:trojan-activity; sid:100002654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.109.178.139"; classtype:trojan-activity; sid:100002655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.110.161.252"; classtype:trojan-activity; sid:100002656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.110.222.174"; classtype:trojan-activity; sid:100002657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.12.99.194"; classtype:trojan-activity; sid:100002658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.121.34.7"; classtype:trojan-activity; sid:100002659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.10"; classtype:trojan-activity; sid:100002660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.13"; classtype:trojan-activity; sid:100002661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.14"; classtype:trojan-activity; sid:100002662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.160"; classtype:trojan-activity; sid:100002663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.3"; classtype:trojan-activity; sid:100002664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.32"; classtype:trojan-activity; sid:100002665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.37"; classtype:trojan-activity; sid:100002666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.4"; classtype:trojan-activity; sid:100002667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.46"; classtype:trojan-activity; sid:100002668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.6"; classtype:trojan-activity; sid:100002669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.7"; classtype:trojan-activity; sid:100002670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.73"; classtype:trojan-activity; sid:100002671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.74"; classtype:trojan-activity; sid:100002672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.79"; classtype:trojan-activity; sid:100002673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.8"; classtype:trojan-activity; sid:100002674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.89"; classtype:trojan-activity; sid:100002675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.90"; classtype:trojan-activity; sid:100002676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.122.112.97"; classtype:trojan-activity; sid:100002677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.130.15.212"; classtype:trojan-activity; sid:100002678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.147.16.184"; classtype:trojan-activity; sid:100002679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.15.248.17"; classtype:trojan-activity; sid:100002680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.159.240.9"; classtype:trojan-activity; sid:100002681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.196.237.41"; classtype:trojan-activity; sid:100002682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.214.24.194"; classtype:trojan-activity; sid:100002683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.216.140.123"; classtype:trojan-activity; sid:100002684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.219.6.150"; classtype:trojan-activity; sid:100002685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.237.210.158"; classtype:trojan-activity; sid:100002686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.38.136.230"; classtype:trojan-activity; sid:100002687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.85.106.42"; classtype:trojan-activity; sid:100002688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.85.213.51"; classtype:trojan-activity; sid:100002689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.98.37.135"; classtype:trojan-activity; sid:100002690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.98.37.200"; classtype:trojan-activity; sid:100002691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190.98.41.33"; classtype:trojan-activity; sid:100002692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"191.100.24.207"; classtype:trojan-activity; sid:100002693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"191.100.27.91"; classtype:trojan-activity; sid:100002694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"191.209.82.96"; classtype:trojan-activity; sid:100002695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"191.255.248.220"; classtype:trojan-activity; sid:100002696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"191.33.171.242"; classtype:trojan-activity; sid:100002697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.162.48.97"; classtype:trojan-activity; sid:100002698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.210.222.82"; classtype:trojan-activity; sid:100002699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.227.158.101"; classtype:trojan-activity; sid:100002700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.227.225.173"; classtype:trojan-activity; sid:100002701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.227.225.184"; classtype:trojan-activity; sid:100002702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.110.163"; classtype:trojan-activity; sid:100002703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.110.170"; classtype:trojan-activity; sid:100002704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.110.172"; classtype:trojan-activity; sid:100002705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.122.133"; classtype:trojan-activity; sid:100002706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.122.140"; classtype:trojan-activity; sid:100002707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.13.11"; classtype:trojan-activity; sid:100002708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.194.242"; classtype:trojan-activity; sid:100002709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.222.133"; classtype:trojan-activity; sid:100002710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"192.3.228.148"; classtype:trojan-activity; sid:100002711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"193.107.151.209"; classtype:trojan-activity; sid:100002712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"193.123.98.96"; classtype:trojan-activity; sid:100002713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"193.56.146.36"; classtype:trojan-activity; sid:100002714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"193.56.146.99"; classtype:trojan-activity; sid:100002715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"193.93.77.186"; classtype:trojan-activity; sid:100002716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"194.132.235.192"; classtype:trojan-activity; sid:100002717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"194.190.49.103"; classtype:trojan-activity; sid:100002718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"194.38.20.199"; classtype:trojan-activity; sid:100002719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"194.38.20.232"; classtype:trojan-activity; sid:100002720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"194.54.160.248"; classtype:trojan-activity; sid:100002721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"194.88.153.71"; classtype:trojan-activity; sid:100002722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.133.18.116"; classtype:trojan-activity; sid:100002723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.133.18.148"; classtype:trojan-activity; sid:100002724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.144.235.42"; classtype:trojan-activity; sid:100002725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.158.104.190"; classtype:trojan-activity; sid:100002726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.162.70.104"; classtype:trojan-activity; sid:100002727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.19.192.28"; classtype:trojan-activity; sid:100002728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.228.231.218"; classtype:trojan-activity; sid:100002729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"195.24.94.187"; classtype:trojan-activity; sid:100002730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"196.2.11.215"; classtype:trojan-activity; sid:100002731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"196.202.26.182"; classtype:trojan-activity; sid:100002732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"196.218.214.7"; classtype:trojan-activity; sid:100002733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"196.221.148.90"; classtype:trojan-activity; sid:100002734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"196.221.166.203"; classtype:trojan-activity; sid:100002735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"196.221.208.149"; classtype:trojan-activity; sid:100002736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"196.92.240.255"; classtype:trojan-activity; sid:100002737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.12.107.117"; classtype:trojan-activity; sid:100002738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.12.127.187"; classtype:trojan-activity; sid:100002739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.12.84.79"; classtype:trojan-activity; sid:100002740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.23.214.174"; classtype:trojan-activity; sid:100002741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.46.233.46"; classtype:trojan-activity; sid:100002742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.56.58.115"; classtype:trojan-activity; sid:100002743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.98.55.220"; classtype:trojan-activity; sid:100002744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"198.98.55.249"; classtype:trojan-activity; sid:100002745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"199.19.226.117"; classtype:trojan-activity; sid:100002746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"199.203.204.116"; classtype:trojan-activity; sid:100002747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1stcreditsg.qnotice.com"; classtype:trojan-activity; sid:100002748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.196.133.255"; classtype:trojan-activity; sid:100002749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.249.178.144"; classtype:trojan-activity; sid:100002750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.32.205.162"; classtype:trojan-activity; sid:100002751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.36.231.201"; classtype:trojan-activity; sid:100002752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.37.203.65"; classtype:trojan-activity; sid:100002753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.42.49.29"; classtype:trojan-activity; sid:100002754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.45.111.158"; classtype:trojan-activity; sid:100002755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.55.68.11"; classtype:trojan-activity; sid:100002756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.55.85.242"; classtype:trojan-activity; sid:100002757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.56.59.237"; classtype:trojan-activity; sid:100002758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.56.59.42"; classtype:trojan-activity; sid:100002759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.62.113.142"; classtype:trojan-activity; sid:100002760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.83.152.16"; classtype:trojan-activity; sid:100002761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.indexsinas.me"; classtype:trojan-activity; sid:100002762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"20.69.160.69"; classtype:trojan-activity; sid:100002763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.105.199.222"; classtype:trojan-activity; sid:100002764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.107.119.135"; classtype:trojan-activity; sid:100002765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.109.57.148"; classtype:trojan-activity; sid:100002766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.111.189.70"; classtype:trojan-activity; sid:100002767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.125.165.178"; classtype:trojan-activity; sid:100002768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.151.167.118"; classtype:trojan-activity; sid:100002769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.2.189.27"; classtype:trojan-activity; sid:100002770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.236.120.226"; classtype:trojan-activity; sid:100002771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.30.132.50"; classtype:trojan-activity; sid:100002772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"200.31.19.179"; classtype:trojan-activity; sid:100002773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.130.187.73"; classtype:trojan-activity; sid:100002774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.172.206.60"; classtype:trojan-activity; sid:100002775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.184.163.170"; classtype:trojan-activity; sid:100002776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.187.102.73"; classtype:trojan-activity; sid:100002777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.200.254.86"; classtype:trojan-activity; sid:100002778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.200.4.44"; classtype:trojan-activity; sid:100002779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.206.146.33"; classtype:trojan-activity; sid:100002780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"201.77.124.160"; classtype:trojan-activity; sid:100002781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.107.233.41"; classtype:trojan-activity; sid:100002782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.111.130.146"; classtype:trojan-activity; sid:100002783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.124.229.232"; classtype:trojan-activity; sid:100002784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.169.232.202"; classtype:trojan-activity; sid:100002785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.178.125.12"; classtype:trojan-activity; sid:100002786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.178.125.203"; classtype:trojan-activity; sid:100002787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.29.95.12"; classtype:trojan-activity; sid:100002788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.4.124.58"; classtype:trojan-activity; sid:100002789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.51.176.114"; classtype:trojan-activity; sid:100002790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.51.181.238"; classtype:trojan-activity; sid:100002791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.55.133.79"; classtype:trojan-activity; sid:100002792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"202.89.79.14"; classtype:trojan-activity; sid:100002793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.109.201.243"; classtype:trojan-activity; sid:100002794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.129.21.88"; classtype:trojan-activity; sid:100002795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.170.105.8"; classtype:trojan-activity; sid:100002796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.176.129.115"; classtype:trojan-activity; sid:100002797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.176.129.73"; classtype:trojan-activity; sid:100002798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.189.156.107"; classtype:trojan-activity; sid:100002799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.202.248.22"; classtype:trojan-activity; sid:100002800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.203.34.107"; classtype:trojan-activity; sid:100002801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.204.193.17"; classtype:trojan-activity; sid:100002802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.204.232.18"; classtype:trojan-activity; sid:100002803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.204.237.23"; classtype:trojan-activity; sid:100002804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.217.118.61"; classtype:trojan-activity; sid:100002805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.223.44.206"; classtype:trojan-activity; sid:100002806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.229.21.56"; classtype:trojan-activity; sid:100002807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.236.109.113"; classtype:trojan-activity; sid:100002808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.236.190.28"; classtype:trojan-activity; sid:100002809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.70.166.107"; classtype:trojan-activity; sid:100002810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.77.80.159"; classtype:trojan-activity; sid:100002811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.80.119.166"; classtype:trojan-activity; sid:100002812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.80.171.138"; classtype:trojan-activity; sid:100002813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.82.36.34"; classtype:trojan-activity; sid:100002814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.99.177.22"; classtype:trojan-activity; sid:100002815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"203.99.190.45"; classtype:trojan-activity; sid:100002816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"204.157.136.206"; classtype:trojan-activity; sid:100002817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"205.185.114.157"; classtype:trojan-activity; sid:100002818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"205.185.115.164"; classtype:trojan-activity; sid:100002819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"205.185.121.185"; classtype:trojan-activity; sid:100002820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"205.185.126.27"; classtype:trojan-activity; sid:100002821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"205.185.126.71"; classtype:trojan-activity; sid:100002822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"206.47.41.175"; classtype:trojan-activity; sid:100002823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"207.237.12.108"; classtype:trojan-activity; sid:100002824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"207.44.28.234"; classtype:trojan-activity; sid:100002825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"207.5.32.6"; classtype:trojan-activity; sid:100002826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"208.163.58.18"; classtype:trojan-activity; sid:100002827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"209.112.239.210"; classtype:trojan-activity; sid:100002828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"209.12.192.98"; classtype:trojan-activity; sid:100002829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"209.127.78.26"; classtype:trojan-activity; sid:100002830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"209.127.78.27"; classtype:trojan-activity; sid:100002831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"209.141.33.136"; classtype:trojan-activity; sid:100002832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"209.141.42.149"; classtype:trojan-activity; sid:100002833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"209.141.60.62"; classtype:trojan-activity; sid:100002834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.113.211.169"; classtype:trojan-activity; sid:100002835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.121.99.126"; classtype:trojan-activity; sid:100002836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.126.16.88"; classtype:trojan-activity; sid:100002837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.126.78.204"; classtype:trojan-activity; sid:100002838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.182.189.215"; classtype:trojan-activity; sid:100002839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.205.1.151"; classtype:trojan-activity; sid:100002840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.205.1.161"; classtype:trojan-activity; sid:100002841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.209.175.157"; classtype:trojan-activity; sid:100002842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.64.244.133"; classtype:trojan-activity; sid:100002843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.96.4.50"; classtype:trojan-activity; sid:100002844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"210.97.100.16"; classtype:trojan-activity; sid:100002845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.180.62.113"; classtype:trojan-activity; sid:100002846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.194.58.50"; classtype:trojan-activity; sid:100002847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.197.54.21"; classtype:trojan-activity; sid:100002848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.198.209.51"; classtype:trojan-activity; sid:100002849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.210.93.93"; classtype:trojan-activity; sid:100002850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.220.110.171"; classtype:trojan-activity; sid:100002851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.225.158.43"; classtype:trojan-activity; sid:100002852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.227.199.94"; classtype:trojan-activity; sid:100002853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.227.227.182"; classtype:trojan-activity; sid:100002854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.228.143.239"; classtype:trojan-activity; sid:100002855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.230.105.92"; classtype:trojan-activity; sid:100002856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.238.83.238"; classtype:trojan-activity; sid:100002857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.243.212.34"; classtype:trojan-activity; sid:100002858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.250.243.131"; classtype:trojan-activity; sid:100002859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.250.48.238"; classtype:trojan-activity; sid:100002860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.47.83.200"; classtype:trojan-activity; sid:100002861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.50.17.115"; classtype:trojan-activity; sid:100002862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.50.54.124"; classtype:trojan-activity; sid:100002863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.51.181.106"; classtype:trojan-activity; sid:100002864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.51.89.116"; classtype:trojan-activity; sid:100002865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.74.129.233"; classtype:trojan-activity; sid:100002866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"211.76.32.237"; classtype:trojan-activity; sid:100002867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.107.239.43"; classtype:trojan-activity; sid:100002868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.143.128.213"; classtype:trojan-activity; sid:100002869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.143.227.22"; classtype:trojan-activity; sid:100002870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.150.218.226"; classtype:trojan-activity; sid:100002871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.192.241.44"; classtype:trojan-activity; sid:100002872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.193.30.206"; classtype:trojan-activity; sid:100002873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.200.115.20"; classtype:trojan-activity; sid:100002874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.46.197.114"; classtype:trojan-activity; sid:100002875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"212.60.74.154"; classtype:trojan-activity; sid:100002876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.101.190.120"; classtype:trojan-activity; sid:100002877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.103.155.153"; classtype:trojan-activity; sid:100002878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.14.173.117"; classtype:trojan-activity; sid:100002879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.149.181.132"; classtype:trojan-activity; sid:100002880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.149.182.113"; classtype:trojan-activity; sid:100002881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.149.190.193"; classtype:trojan-activity; sid:100002882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.16.63.103"; classtype:trojan-activity; sid:100002883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.179.241.125"; classtype:trojan-activity; sid:100002884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.202.230.103"; classtype:trojan-activity; sid:100002885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.207.178.31"; classtype:trojan-activity; sid:100002886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.235.183.42"; classtype:trojan-activity; sid:100002887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.240.218.15"; classtype:trojan-activity; sid:100002888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.243.216.3"; classtype:trojan-activity; sid:100002889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.27.8.6"; classtype:trojan-activity; sid:100002890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.87.87.173"; classtype:trojan-activity; sid:100002891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"213.94.59.206"; classtype:trojan-activity; sid:100002892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"216.170.240.98"; classtype:trojan-activity; sid:100002893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"216.183.54.169"; classtype:trojan-activity; sid:100002894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"216.36.12.98"; classtype:trojan-activity; sid:100002895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"216.66.184.175"; classtype:trojan-activity; sid:100002896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"217.11.75.162"; classtype:trojan-activity; sid:100002897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"217.133.100.91"; classtype:trojan-activity; sid:100002898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"217.145.193.216"; classtype:trojan-activity; sid:100002899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"217.210.104.187"; classtype:trojan-activity; sid:100002900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"217.219.221.69"; classtype:trojan-activity; sid:100002901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"217.8.228.92"; classtype:trojan-activity; sid:100002902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.12.177.67"; classtype:trojan-activity; sid:100002903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.144.113.26"; classtype:trojan-activity; sid:100002904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.147.159.117"; classtype:trojan-activity; sid:100002905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.155.136.57"; classtype:trojan-activity; sid:100002906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.164.128.157"; classtype:trojan-activity; sid:100002907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.164.198.218"; classtype:trojan-activity; sid:100002908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.214.102.125"; classtype:trojan-activity; sid:100002909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.27.103.198"; classtype:trojan-activity; sid:100002910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.29.146.168"; classtype:trojan-activity; sid:100002911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.29.147.77"; classtype:trojan-activity; sid:100002912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.35.210.194"; classtype:trojan-activity; sid:100002913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.35.227.133"; classtype:trojan-activity; sid:100002914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.35.81.81"; classtype:trojan-activity; sid:100002915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.38.241.103"; classtype:trojan-activity; sid:100002916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.38.241.105"; classtype:trojan-activity; sid:100002917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.56.237.88"; classtype:trojan-activity; sid:100002918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.56.78.236"; classtype:trojan-activity; sid:100002919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.59.12.225"; classtype:trojan-activity; sid:100002920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.59.3.68"; classtype:trojan-activity; sid:100002921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.6.107.231"; classtype:trojan-activity; sid:100002922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.72.201.196"; classtype:trojan-activity; sid:100002923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.74.159.111"; classtype:trojan-activity; sid:100002924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.90.107.16"; classtype:trojan-activity; sid:100002925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"218.94.237.29"; classtype:trojan-activity; sid:100002926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.114.210.105"; classtype:trojan-activity; sid:100002927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.134.11.216"; classtype:trojan-activity; sid:100002928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.140.11.116"; classtype:trojan-activity; sid:100002929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.140.124.50"; classtype:trojan-activity; sid:100002930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.140.20.183"; classtype:trojan-activity; sid:100002931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.100.237"; classtype:trojan-activity; sid:100002932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.108.102"; classtype:trojan-activity; sid:100002933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.108.171"; classtype:trojan-activity; sid:100002934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.115.64"; classtype:trojan-activity; sid:100002935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.125.210"; classtype:trojan-activity; sid:100002936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.174.133"; classtype:trojan-activity; sid:100002937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.184.69"; classtype:trojan-activity; sid:100002938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.19.86"; classtype:trojan-activity; sid:100002939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.96.57"; classtype:trojan-activity; sid:100002940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.97.110"; classtype:trojan-activity; sid:100002941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.98.43"; classtype:trojan-activity; sid:100002942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.154.99.211"; classtype:trojan-activity; sid:100002943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.101.231"; classtype:trojan-activity; sid:100002944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.105.249"; classtype:trojan-activity; sid:100002945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.106.51"; classtype:trojan-activity; sid:100002946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.23.135"; classtype:trojan-activity; sid:100002947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.24.105"; classtype:trojan-activity; sid:100002948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.24.232"; classtype:trojan-activity; sid:100002949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.24.83"; classtype:trojan-activity; sid:100002950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.25.99"; classtype:trojan-activity; sid:100002951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.26.162"; classtype:trojan-activity; sid:100002952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.28.104"; classtype:trojan-activity; sid:100002953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.28.185"; classtype:trojan-activity; sid:100002954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.30.239"; classtype:trojan-activity; sid:100002955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.30.73"; classtype:trojan-activity; sid:100002956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.155.96.95"; classtype:trojan-activity; sid:100002957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.101.128"; classtype:trojan-activity; sid:100002958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.131.245"; classtype:trojan-activity; sid:100002959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.154.174"; classtype:trojan-activity; sid:100002960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.16.128"; classtype:trojan-activity; sid:100002961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.166.229"; classtype:trojan-activity; sid:100002962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.27.226"; classtype:trojan-activity; sid:100002963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.58.103"; classtype:trojan-activity; sid:100002964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.76.10"; classtype:trojan-activity; sid:100002965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.77.226"; classtype:trojan-activity; sid:100002966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.156.84.196"; classtype:trojan-activity; sid:100002967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.10.96"; classtype:trojan-activity; sid:100002968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.11.54"; classtype:trojan-activity; sid:100002969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.144.106"; classtype:trojan-activity; sid:100002970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.144.229"; classtype:trojan-activity; sid:100002971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.145.87"; classtype:trojan-activity; sid:100002972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.160.52"; classtype:trojan-activity; sid:100002973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.175.162"; classtype:trojan-activity; sid:100002974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.176.155"; classtype:trojan-activity; sid:100002975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.180.132"; classtype:trojan-activity; sid:100002976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.20.235"; classtype:trojan-activity; sid:100002977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.201.165"; classtype:trojan-activity; sid:100002978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.201.179"; classtype:trojan-activity; sid:100002979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.204.187"; classtype:trojan-activity; sid:100002980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.215.146"; classtype:trojan-activity; sid:100002981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.22.252"; classtype:trojan-activity; sid:100002982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.239.197"; classtype:trojan-activity; sid:100002983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.24.17"; classtype:trojan-activity; sid:100002984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.245.66"; classtype:trojan-activity; sid:100002985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.251.221"; classtype:trojan-activity; sid:100002986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.255.107"; classtype:trojan-activity; sid:100002987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.33.161"; classtype:trojan-activity; sid:100002988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.40.80"; classtype:trojan-activity; sid:100002989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.41.217"; classtype:trojan-activity; sid:100002990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.53.67"; classtype:trojan-activity; sid:100002991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.55.115"; classtype:trojan-activity; sid:100002992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.157.58.11"; classtype:trojan-activity; sid:100002993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.1.84"; classtype:trojan-activity; sid:100002994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.13.193"; classtype:trojan-activity; sid:100002995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.163.7"; classtype:trojan-activity; sid:100002996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.2.83"; classtype:trojan-activity; sid:100002997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.244.6"; classtype:trojan-activity; sid:100002998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.245.160"; classtype:trojan-activity; sid:100002999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.245.35"; classtype:trojan-activity; sid:100003000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.245.63"; classtype:trojan-activity; sid:100003001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.251.184"; classtype:trojan-activity; sid:100003002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.68.5.140"; classtype:trojan-activity; sid:100003003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.69.101.7"; classtype:trojan-activity; sid:100003004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.70.239.115"; classtype:trojan-activity; sid:100003005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.70.254.144"; classtype:trojan-activity; sid:100003006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.71.217.73"; classtype:trojan-activity; sid:100003007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.78.47.106"; classtype:trojan-activity; sid:100003008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.80.160.101"; classtype:trojan-activity; sid:100003009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.80.217.209"; classtype:trojan-activity; sid:100003010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.84.189.18"; classtype:trojan-activity; sid:100003011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.84.190.235"; classtype:trojan-activity; sid:100003012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.85.144.87"; classtype:trojan-activity; sid:100003013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.85.185.238"; classtype:trojan-activity; sid:100003014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.85.53.120"; classtype:trojan-activity; sid:100003015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"219.86.240.145"; classtype:trojan-activity; sid:100003016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.120.15.27"; classtype:trojan-activity; sid:100003017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.121.228.224"; classtype:trojan-activity; sid:100003018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.132.32.123"; classtype:trojan-activity; sid:100003019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.133.87.233"; classtype:trojan-activity; sid:100003020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.158.140.178"; classtype:trojan-activity; sid:100003021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.168.240.73"; classtype:trojan-activity; sid:100003022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.184.22.57"; classtype:trojan-activity; sid:100003023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.200.23.8"; classtype:trojan-activity; sid:100003024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.233.69.182"; classtype:trojan-activity; sid:100003025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.71.143.221"; classtype:trojan-activity; sid:100003026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.79.180.243"; classtype:trojan-activity; sid:100003027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.81.123.35"; classtype:trojan-activity; sid:100003028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.83.177.93"; classtype:trojan-activity; sid:100003029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.93.239.104"; classtype:trojan-activity; sid:100003030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"220.95.54.147"; classtype:trojan-activity; sid:100003031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.0.107.250"; classtype:trojan-activity; sid:100003032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.0.118.47"; classtype:trojan-activity; sid:100003033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.0.125.33"; classtype:trojan-activity; sid:100003034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.0.148.218"; classtype:trojan-activity; sid:100003035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.0.229.99"; classtype:trojan-activity; sid:100003036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.156.174"; classtype:trojan-activity; sid:100003037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.163.134"; classtype:trojan-activity; sid:100003038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.173.2"; classtype:trojan-activity; sid:100003039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.224.132"; classtype:trojan-activity; sid:100003040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.224.184"; classtype:trojan-activity; sid:100003041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.225.191"; classtype:trojan-activity; sid:100003042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.225.228"; classtype:trojan-activity; sid:100003043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.225.229"; classtype:trojan-activity; sid:100003044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.225.80"; classtype:trojan-activity; sid:100003045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.226.216"; classtype:trojan-activity; sid:100003046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.227.115"; classtype:trojan-activity; sid:100003047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.1.245.112"; classtype:trojan-activity; sid:100003048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.13.232.153"; classtype:trojan-activity; sid:100003049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.135.97.211"; classtype:trojan-activity; sid:100003050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.14.163.9"; classtype:trojan-activity; sid:100003051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.14.166.174"; classtype:trojan-activity; sid:100003052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.14.183.84"; classtype:trojan-activity; sid:100003053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.14.240.202"; classtype:trojan-activity; sid:100003054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.14.53.33"; classtype:trojan-activity; sid:100003055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.14.53.66"; classtype:trojan-activity; sid:100003056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.14.57.174"; classtype:trojan-activity; sid:100003057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.144.178.226"; classtype:trojan-activity; sid:100003058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.144.51.33"; classtype:trojan-activity; sid:100003059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.109.100"; classtype:trojan-activity; sid:100003060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.112.107"; classtype:trojan-activity; sid:100003061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.113.113"; classtype:trojan-activity; sid:100003062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.125.171"; classtype:trojan-activity; sid:100003063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.125.210"; classtype:trojan-activity; sid:100003064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.127.126"; classtype:trojan-activity; sid:100003065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.13.133"; classtype:trojan-activity; sid:100003066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.140.63"; classtype:trojan-activity; sid:100003067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.144.107"; classtype:trojan-activity; sid:100003068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.147.144"; classtype:trojan-activity; sid:100003069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.186.150"; classtype:trojan-activity; sid:100003070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.194.85"; classtype:trojan-activity; sid:100003071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.195.76"; classtype:trojan-activity; sid:100003072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.226.222"; classtype:trojan-activity; sid:100003073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.230.88"; classtype:trojan-activity; sid:100003074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.237.101"; classtype:trojan-activity; sid:100003075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.237.19"; classtype:trojan-activity; sid:100003076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.252.135"; classtype:trojan-activity; sid:100003077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.252.214"; classtype:trojan-activity; sid:100003078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.4.108"; classtype:trojan-activity; sid:100003079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.5.100"; classtype:trojan-activity; sid:100003080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.61.62"; classtype:trojan-activity; sid:100003081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.7.172"; classtype:trojan-activity; sid:100003082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.77.133"; classtype:trojan-activity; sid:100003083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.86.92"; classtype:trojan-activity; sid:100003084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.88.146"; classtype:trojan-activity; sid:100003085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.15.88.222"; classtype:trojan-activity; sid:100003086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.155.229.103"; classtype:trojan-activity; sid:100003087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.157.191.178"; classtype:trojan-activity; sid:100003088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.159.216.138"; classtype:trojan-activity; sid:100003089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.160.177.204"; classtype:trojan-activity; sid:100003090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.160.177.66"; classtype:trojan-activity; sid:100003091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.165.86.45"; classtype:trojan-activity; sid:100003092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.167.61.157"; classtype:trojan-activity; sid:100003093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.200.17.166"; classtype:trojan-activity; sid:100003094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.202.43.231"; classtype:trojan-activity; sid:100003095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.207.250.72"; classtype:trojan-activity; sid:100003096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.214.158.195"; classtype:trojan-activity; sid:100003097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.214.192.123"; classtype:trojan-activity; sid:100003098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.215.116.75"; classtype:trojan-activity; sid:100003099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.215.199.192"; classtype:trojan-activity; sid:100003100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.215.223.204"; classtype:trojan-activity; sid:100003101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.225.213.85"; classtype:trojan-activity; sid:100003102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.225.92.171"; classtype:trojan-activity; sid:100003103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.227.194.102"; classtype:trojan-activity; sid:100003104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.232.181.170"; classtype:trojan-activity; sid:100003105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.232.29.43"; classtype:trojan-activity; sid:100003106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.234.209.165"; classtype:trojan-activity; sid:100003107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.235.140.82"; classtype:trojan-activity; sid:100003108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.237.15.167"; classtype:trojan-activity; sid:100003109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.3.125.129"; classtype:trojan-activity; sid:100003110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.3.50.11"; classtype:trojan-activity; sid:100003111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.3.71.147"; classtype:trojan-activity; sid:100003112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"221.5.63.12"; classtype:trojan-activity; sid:100003113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.102.109.245"; classtype:trojan-activity; sid:100003114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.103.144.210"; classtype:trojan-activity; sid:100003115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.105.111.185"; classtype:trojan-activity; sid:100003116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.105.145.190"; classtype:trojan-activity; sid:100003117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.107.29.75"; classtype:trojan-activity; sid:100003118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.108.213.30"; classtype:trojan-activity; sid:100003119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.114.95.114"; classtype:trojan-activity; sid:100003120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.121.112.246"; classtype:trojan-activity; sid:100003121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.132.123.43"; classtype:trojan-activity; sid:100003122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.133.171.228"; classtype:trojan-activity; sid:100003123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.133.53.174"; classtype:trojan-activity; sid:100003124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.133.67.84"; classtype:trojan-activity; sid:100003125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.133.70.242"; classtype:trojan-activity; sid:100003126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.162.170"; classtype:trojan-activity; sid:100003127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.162.173"; classtype:trojan-activity; sid:100003128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.162.254"; classtype:trojan-activity; sid:100003129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.163.90"; classtype:trojan-activity; sid:100003130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.172.123"; classtype:trojan-activity; sid:100003131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.172.74"; classtype:trojan-activity; sid:100003132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.173.16"; classtype:trojan-activity; sid:100003133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.174.255"; classtype:trojan-activity; sid:100003134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.175.35"; classtype:trojan-activity; sid:100003135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.134.175.39"; classtype:trojan-activity; sid:100003136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.135.101.27"; classtype:trojan-activity; sid:100003137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.135.56.198"; classtype:trojan-activity; sid:100003138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.136.49.204"; classtype:trojan-activity; sid:100003139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.107.9"; classtype:trojan-activity; sid:100003140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.120.176"; classtype:trojan-activity; sid:100003141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.123.209"; classtype:trojan-activity; sid:100003142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.123.80"; classtype:trojan-activity; sid:100003143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.135.114"; classtype:trojan-activity; sid:100003144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.148.210"; classtype:trojan-activity; sid:100003145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.169.216"; classtype:trojan-activity; sid:100003146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.214.213"; classtype:trojan-activity; sid:100003147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.215.112"; classtype:trojan-activity; sid:100003148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.233.124"; classtype:trojan-activity; sid:100003149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.238.17"; classtype:trojan-activity; sid:100003150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.238.254"; classtype:trojan-activity; sid:100003151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.239.137"; classtype:trojan-activity; sid:100003152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.239.2"; classtype:trojan-activity; sid:100003153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.25.199"; classtype:trojan-activity; sid:100003154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.40.155"; classtype:trojan-activity; sid:100003155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.56.136"; classtype:trojan-activity; sid:100003156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.69.220"; classtype:trojan-activity; sid:100003157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.70.147"; classtype:trojan-activity; sid:100003158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.73.225"; classtype:trojan-activity; sid:100003159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.77.32"; classtype:trojan-activity; sid:100003160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.137.79.160"; classtype:trojan-activity; sid:100003161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.103.28"; classtype:trojan-activity; sid:100003162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.116.116"; classtype:trojan-activity; sid:100003163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.117.165"; classtype:trojan-activity; sid:100003164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.148.219"; classtype:trojan-activity; sid:100003165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.148.71"; classtype:trojan-activity; sid:100003166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.177.186"; classtype:trojan-activity; sid:100003167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.181.252"; classtype:trojan-activity; sid:100003168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.186.217"; classtype:trojan-activity; sid:100003169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.191.125"; classtype:trojan-activity; sid:100003170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.23.241"; classtype:trojan-activity; sid:100003171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.233.30"; classtype:trojan-activity; sid:100003172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.244.123"; classtype:trojan-activity; sid:100003173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.138.96.61"; classtype:trojan-activity; sid:100003174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.139.222.234"; classtype:trojan-activity; sid:100003175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.139.72.180"; classtype:trojan-activity; sid:100003176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.139.86.201"; classtype:trojan-activity; sid:100003177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.140.161.193"; classtype:trojan-activity; sid:100003178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.140.189.91"; classtype:trojan-activity; sid:100003179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.140.211.52"; classtype:trojan-activity; sid:100003180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.140.38.180"; classtype:trojan-activity; sid:100003181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.107.76"; classtype:trojan-activity; sid:100003182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.12.107"; classtype:trojan-activity; sid:100003183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.160.13"; classtype:trojan-activity; sid:100003184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.164.212"; classtype:trojan-activity; sid:100003185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.172.253"; classtype:trojan-activity; sid:100003186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.189.115"; classtype:trojan-activity; sid:100003187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.40.228"; classtype:trojan-activity; sid:100003188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.40.70"; classtype:trojan-activity; sid:100003189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.45.248"; classtype:trojan-activity; sid:100003190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.46.247"; classtype:trojan-activity; sid:100003191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.141.46.90"; classtype:trojan-activity; sid:100003192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.142.119.76"; classtype:trojan-activity; sid:100003193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.142.179.136"; classtype:trojan-activity; sid:100003194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.142.240.47"; classtype:trojan-activity; sid:100003195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.182.55.108"; classtype:trojan-activity; sid:100003196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.185.117.187"; classtype:trojan-activity; sid:100003197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.185.199.33"; classtype:trojan-activity; sid:100003198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.185.208.174"; classtype:trojan-activity; sid:100003199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.187.58.96"; classtype:trojan-activity; sid:100003200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.188.31.204"; classtype:trojan-activity; sid:100003201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.191.189.78"; classtype:trojan-activity; sid:100003202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.191.194.190"; classtype:trojan-activity; sid:100003203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.241.195.64"; classtype:trojan-activity; sid:100003204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.243.14.67"; classtype:trojan-activity; sid:100003205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.245.52.185"; classtype:trojan-activity; sid:100003206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.245.52.42"; classtype:trojan-activity; sid:100003207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.253.45.141"; classtype:trojan-activity; sid:100003208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.76.244.186"; classtype:trojan-activity; sid:100003209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.77.130.125"; classtype:trojan-activity; sid:100003210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.86.134.96"; classtype:trojan-activity; sid:100003211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.90.10.194"; classtype:trojan-activity; sid:100003212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"222.95.66.109"; classtype:trojan-activity; sid:100003213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"223.13.73.165"; classtype:trojan-activity; sid:100003214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"223.146.73.32"; classtype:trojan-activity; sid:100003215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"223.159.88.8"; classtype:trojan-activity; sid:100003216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"223.166.13.87"; classtype:trojan-activity; sid:100003217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"223.196.97.74"; classtype:trojan-activity; sid:100003218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"223.212.75.105"; classtype:trojan-activity; sid:100003219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.115.118.232"; classtype:trojan-activity; sid:100003220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.118.190.23"; classtype:trojan-activity; sid:100003221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.121.154.175"; classtype:trojan-activity; sid:100003222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.124.203.20"; classtype:trojan-activity; sid:100003223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.125.186.135"; classtype:trojan-activity; sid:100003224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.126.120.25"; classtype:trojan-activity; sid:100003225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.228.143.58"; classtype:trojan-activity; sid:100003226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.94.159.204"; classtype:trojan-activity; sid:100003227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.94.159.207"; classtype:trojan-activity; sid:100003228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.94.159.208"; classtype:trojan-activity; sid:100003229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.94.186.250"; classtype:trojan-activity; sid:100003230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.94.199.19"; classtype:trojan-activity; sid:100003231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.94.26.138"; classtype:trojan-activity; sid:100003232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.94.50.159"; classtype:trojan-activity; sid:100003233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.95.191.195"; classtype:trojan-activity; sid:100003234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"23.95.85.181"; classtype:trojan-activity; sid:100003235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.0.90.200"; classtype:trojan-activity; sid:100003236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.10.121.183"; classtype:trojan-activity; sid:100003237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.102.110.151"; classtype:trojan-activity; sid:100003238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.103.74.180"; classtype:trojan-activity; sid:100003239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.11.141.134"; classtype:trojan-activity; sid:100003240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.119.158.74"; classtype:trojan-activity; sid:100003241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.123.182.218"; classtype:trojan-activity; sid:100003242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.137.147.95"; classtype:trojan-activity; sid:100003243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.139.39.207"; classtype:trojan-activity; sid:100003244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.145.18.45"; classtype:trojan-activity; sid:100003245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.151.66.229"; classtype:trojan-activity; sid:100003246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.158.25.98"; classtype:trojan-activity; sid:100003247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.176.184.138"; classtype:trojan-activity; sid:100003248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.176.206.12"; classtype:trojan-activity; sid:100003249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.184.1.41"; classtype:trojan-activity; sid:100003250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.187.189.68"; classtype:trojan-activity; sid:100003251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.189.237.246"; classtype:trojan-activity; sid:100003252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.192.191.109"; classtype:trojan-activity; sid:100003253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.24.128.154"; classtype:trojan-activity; sid:100003254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.30.95.55"; classtype:trojan-activity; sid:100003255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.39.181.18"; classtype:trojan-activity; sid:100003256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.39.34.242"; classtype:trojan-activity; sid:100003257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.42.229.143"; classtype:trojan-activity; sid:100003258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.53.163.10"; classtype:trojan-activity; sid:100003259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.68.127.176"; classtype:trojan-activity; sid:100003260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.85.246.47"; classtype:trojan-activity; sid:100003261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.85.29.177"; classtype:trojan-activity; sid:100003262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.88.169.93"; classtype:trojan-activity; sid:100003263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.90.65.75"; classtype:trojan-activity; sid:100003264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24.90.88.77"; classtype:trojan-activity; sid:100003265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.1.225.116"; classtype:trojan-activity; sid:100003266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.105.106.201"; classtype:trojan-activity; sid:100003267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.112.68.91"; classtype:trojan-activity; sid:100003268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.12.18.101"; classtype:trojan-activity; sid:100003269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.139.134.196"; classtype:trojan-activity; sid:100003270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.14.209.106"; classtype:trojan-activity; sid:100003271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.147.29.52"; classtype:trojan-activity; sid:100003272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.147.40.128"; classtype:trojan-activity; sid:100003273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.147.54.167"; classtype:trojan-activity; sid:100003274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.153.130.223"; classtype:trojan-activity; sid:100003275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.158.243.93"; classtype:trojan-activity; sid:100003276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.184.123.224"; classtype:trojan-activity; sid:100003277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.184.216.187"; classtype:trojan-activity; sid:100003278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.191.54.194"; classtype:trojan-activity; sid:100003279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.193.15.185"; classtype:trojan-activity; sid:100003280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.193.203.220"; classtype:trojan-activity; sid:100003281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.193.206.28"; classtype:trojan-activity; sid:100003282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.193.37.69"; classtype:trojan-activity; sid:100003283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.193.42.66"; classtype:trojan-activity; sid:100003284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.194.115.185"; classtype:trojan-activity; sid:100003285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.194.115.218"; classtype:trojan-activity; sid:100003286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.194.122.23"; classtype:trojan-activity; sid:100003287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.194.132.163"; classtype:trojan-activity; sid:100003288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.194.137.229"; classtype:trojan-activity; sid:100003289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.194.177.215"; classtype:trojan-activity; sid:100003290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.194.188.202"; classtype:trojan-activity; sid:100003291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.197.15.100"; classtype:trojan-activity; sid:100003292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.197.210.225"; classtype:trojan-activity; sid:100003293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.197.24.223"; classtype:trojan-activity; sid:100003294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.197.246.76"; classtype:trojan-activity; sid:100003295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.197.90.63"; classtype:trojan-activity; sid:100003296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.198.229.217"; classtype:trojan-activity; sid:100003297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.199.148.62"; classtype:trojan-activity; sid:100003298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.199.167.50"; classtype:trojan-activity; sid:100003299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.199.237.162"; classtype:trojan-activity; sid:100003300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.199.39.189"; classtype:trojan-activity; sid:100003301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.200.1.157"; classtype:trojan-activity; sid:100003302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.200.194.246"; classtype:trojan-activity; sid:100003303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.200.217.33"; classtype:trojan-activity; sid:100003304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.200.249.199"; classtype:trojan-activity; sid:100003305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.200.251.101"; classtype:trojan-activity; sid:100003306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.202.112.228"; classtype:trojan-activity; sid:100003307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.202.136.242"; classtype:trojan-activity; sid:100003308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.202.162.227"; classtype:trojan-activity; sid:100003309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.202.38.51"; classtype:trojan-activity; sid:100003310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.146.153"; classtype:trojan-activity; sid:100003311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.148.216"; classtype:trojan-activity; sid:100003312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.18.162"; classtype:trojan-activity; sid:100003313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.189.136"; classtype:trojan-activity; sid:100003314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.203.231"; classtype:trojan-activity; sid:100003315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.205.239"; classtype:trojan-activity; sid:100003316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.216.230"; classtype:trojan-activity; sid:100003317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.227.237"; classtype:trojan-activity; sid:100003318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.235.128"; classtype:trojan-activity; sid:100003319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.249.93"; classtype:trojan-activity; sid:100003320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.255.202"; classtype:trojan-activity; sid:100003321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.31.246"; classtype:trojan-activity; sid:100003322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.6.90"; classtype:trojan-activity; sid:100003323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.92.198"; classtype:trojan-activity; sid:100003324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.203.98.46"; classtype:trojan-activity; sid:100003325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.204.238.86"; classtype:trojan-activity; sid:100003326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.117.126"; classtype:trojan-activity; sid:100003327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.12.75"; classtype:trojan-activity; sid:100003328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.15.243"; classtype:trojan-activity; sid:100003329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.153.17"; classtype:trojan-activity; sid:100003330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.158.62"; classtype:trojan-activity; sid:100003331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.171.24"; classtype:trojan-activity; sid:100003332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.188.122"; classtype:trojan-activity; sid:100003333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.188.61"; classtype:trojan-activity; sid:100003334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.191.47"; classtype:trojan-activity; sid:100003335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.214.97"; classtype:trojan-activity; sid:100003336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.218.62"; classtype:trojan-activity; sid:100003337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.255.76"; classtype:trojan-activity; sid:100003338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.27.196"; classtype:trojan-activity; sid:100003339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.54.49"; classtype:trojan-activity; sid:100003340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.81.88"; classtype:trojan-activity; sid:100003341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.84.95"; classtype:trojan-activity; sid:100003342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.206.87.139"; classtype:trojan-activity; sid:100003343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.207.193.112"; classtype:trojan-activity; sid:100003344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.104.38"; classtype:trojan-activity; sid:100003345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.117.153"; classtype:trojan-activity; sid:100003346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.144.117"; classtype:trojan-activity; sid:100003347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.148.193"; classtype:trojan-activity; sid:100003348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.155.7"; classtype:trojan-activity; sid:100003349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.164.142"; classtype:trojan-activity; sid:100003350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.17.56"; classtype:trojan-activity; sid:100003351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.193.2"; classtype:trojan-activity; sid:100003352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.200.25"; classtype:trojan-activity; sid:100003353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.201.61"; classtype:trojan-activity; sid:100003354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.221.3"; classtype:trojan-activity; sid:100003355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.34.2"; classtype:trojan-activity; sid:100003356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.50.33"; classtype:trojan-activity; sid:100003357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.83.115"; classtype:trojan-activity; sid:100003358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.208.83.187"; classtype:trojan-activity; sid:100003359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.209.152.113"; classtype:trojan-activity; sid:100003360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.209.255.175"; classtype:trojan-activity; sid:100003361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.209.5.225"; classtype:trojan-activity; sid:100003362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.209.67.93"; classtype:trojan-activity; sid:100003363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.209.96.225"; classtype:trojan-activity; sid:100003364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.209.97.33"; classtype:trojan-activity; sid:100003365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.21.150.170"; classtype:trojan-activity; sid:100003366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.21.170.34"; classtype:trojan-activity; sid:100003367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.210.111.193"; classtype:trojan-activity; sid:100003368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.210.216.112"; classtype:trojan-activity; sid:100003369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.210.27.223"; classtype:trojan-activity; sid:100003370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.210.39.166"; classtype:trojan-activity; sid:100003371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.210.5.83"; classtype:trojan-activity; sid:100003372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.134.88"; classtype:trojan-activity; sid:100003373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.167.84"; classtype:trojan-activity; sid:100003374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.171.16"; classtype:trojan-activity; sid:100003375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.209.178"; classtype:trojan-activity; sid:100003376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.26.88"; classtype:trojan-activity; sid:100003377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.32.174"; classtype:trojan-activity; sid:100003378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.35.76"; classtype:trojan-activity; sid:100003379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.42.119"; classtype:trojan-activity; sid:100003380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.63.134"; classtype:trojan-activity; sid:100003381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.80.31"; classtype:trojan-activity; sid:100003382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.91.199"; classtype:trojan-activity; sid:100003383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.213.95.204"; classtype:trojan-activity; sid:100003384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.214.73.118"; classtype:trojan-activity; sid:100003385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.109.51"; classtype:trojan-activity; sid:100003386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.110.157"; classtype:trojan-activity; sid:100003387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.110.70"; classtype:trojan-activity; sid:100003388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.114.223"; classtype:trojan-activity; sid:100003389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.115.147"; classtype:trojan-activity; sid:100003390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.115.225"; classtype:trojan-activity; sid:100003391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.123.163"; classtype:trojan-activity; sid:100003392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.123.237"; classtype:trojan-activity; sid:100003393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.124.159"; classtype:trojan-activity; sid:100003394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.124.31"; classtype:trojan-activity; sid:100003395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.125.104"; classtype:trojan-activity; sid:100003396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.126.205"; classtype:trojan-activity; sid:100003397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.126.251"; classtype:trojan-activity; sid:100003398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.126.97"; classtype:trojan-activity; sid:100003399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.129.224"; classtype:trojan-activity; sid:100003400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.136.226"; classtype:trojan-activity; sid:100003401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.141.82"; classtype:trojan-activity; sid:100003402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.142.19"; classtype:trojan-activity; sid:100003403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.143.151"; classtype:trojan-activity; sid:100003404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.156.115"; classtype:trojan-activity; sid:100003405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.176.3"; classtype:trojan-activity; sid:100003406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.180.244"; classtype:trojan-activity; sid:100003407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.183.42"; classtype:trojan-activity; sid:100003408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.208.104"; classtype:trojan-activity; sid:100003409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.211.218"; classtype:trojan-activity; sid:100003410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.215.240"; classtype:trojan-activity; sid:100003411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.244.148"; classtype:trojan-activity; sid:100003412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.244.78"; classtype:trojan-activity; sid:100003413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.27.247"; classtype:trojan-activity; sid:100003414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.48.206"; classtype:trojan-activity; sid:100003415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.48.83"; classtype:trojan-activity; sid:100003416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.51.196"; classtype:trojan-activity; sid:100003417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.51.234"; classtype:trojan-activity; sid:100003418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.52.191"; classtype:trojan-activity; sid:100003419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.53.174"; classtype:trojan-activity; sid:100003420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.53.210"; classtype:trojan-activity; sid:100003421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.55.172"; classtype:trojan-activity; sid:100003422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.55.181"; classtype:trojan-activity; sid:100003423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.56.73"; classtype:trojan-activity; sid:100003424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.62.209"; classtype:trojan-activity; sid:100003425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.77.214"; classtype:trojan-activity; sid:100003426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.77.56"; classtype:trojan-activity; sid:100003427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.80.219"; classtype:trojan-activity; sid:100003428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.81.86"; classtype:trojan-activity; sid:100003429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.83.220"; classtype:trojan-activity; sid:100003430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.83.52"; classtype:trojan-activity; sid:100003431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.85.14"; classtype:trojan-activity; sid:100003432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.215.85.79"; classtype:trojan-activity; sid:100003433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.216.214.253"; classtype:trojan-activity; sid:100003434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.216.55.250"; classtype:trojan-activity; sid:100003435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.216.59.137"; classtype:trojan-activity; sid:100003436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.216.6.116"; classtype:trojan-activity; sid:100003437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.216.91.122"; classtype:trojan-activity; sid:100003438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.217.150.86"; classtype:trojan-activity; sid:100003439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.217.2.71"; classtype:trojan-activity; sid:100003440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.217.200.43"; classtype:trojan-activity; sid:100003441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.217.203.113"; classtype:trojan-activity; sid:100003442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.217.243.163"; classtype:trojan-activity; sid:100003443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.217.50.20"; classtype:trojan-activity; sid:100003444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.217.74.3"; classtype:trojan-activity; sid:100003445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.218.155.185"; classtype:trojan-activity; sid:100003446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.218.181.88"; classtype:trojan-activity; sid:100003447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.218.227.11"; classtype:trojan-activity; sid:100003448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.218.8.26"; classtype:trojan-activity; sid:100003449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.219.130.234"; classtype:trojan-activity; sid:100003450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.219.177.158"; classtype:trojan-activity; sid:100003451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.219.186.7"; classtype:trojan-activity; sid:100003452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.219.190.121"; classtype:trojan-activity; sid:100003453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.219.27.83"; classtype:trojan-activity; sid:100003454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.219.84.237"; classtype:trojan-activity; sid:100003455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.219.99.103"; classtype:trojan-activity; sid:100003456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.0.26"; classtype:trojan-activity; sid:100003457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.1.71"; classtype:trojan-activity; sid:100003458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.126.26"; classtype:trojan-activity; sid:100003459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.137.60"; classtype:trojan-activity; sid:100003460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.215.176"; classtype:trojan-activity; sid:100003461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.233.180"; classtype:trojan-activity; sid:100003462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.45.121"; classtype:trojan-activity; sid:100003463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.74.219"; classtype:trojan-activity; sid:100003464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.80.134"; classtype:trojan-activity; sid:100003465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.90.239"; classtype:trojan-activity; sid:100003466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.220.93.163"; classtype:trojan-activity; sid:100003467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.221.184.120"; classtype:trojan-activity; sid:100003468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.221.238.21"; classtype:trojan-activity; sid:100003469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.221.244.153"; classtype:trojan-activity; sid:100003470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.222.134.96"; classtype:trojan-activity; sid:100003471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.222.182.51"; classtype:trojan-activity; sid:100003472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.222.251.66"; classtype:trojan-activity; sid:100003473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.222.49.249"; classtype:trojan-activity; sid:100003474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.223.151.93"; classtype:trojan-activity; sid:100003475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.223.189.130"; classtype:trojan-activity; sid:100003476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.29.33.115"; classtype:trojan-activity; sid:100003477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.35.122.65"; classtype:trojan-activity; sid:100003478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.35.129.198"; classtype:trojan-activity; sid:100003479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.35.154.75"; classtype:trojan-activity; sid:100003480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.35.58.5"; classtype:trojan-activity; sid:100003481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.14.7"; classtype:trojan-activity; sid:100003482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.197.184"; classtype:trojan-activity; sid:100003483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.199.0"; classtype:trojan-activity; sid:100003484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.208.86"; classtype:trojan-activity; sid:100003485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.209.19"; classtype:trojan-activity; sid:100003486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.210.90"; classtype:trojan-activity; sid:100003487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.211.41"; classtype:trojan-activity; sid:100003488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.37.227.29"; classtype:trojan-activity; sid:100003489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.38.124.250"; classtype:trojan-activity; sid:100003490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.38.182.192"; classtype:trojan-activity; sid:100003491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.100.196"; classtype:trojan-activity; sid:100003492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.101.134"; classtype:trojan-activity; sid:100003493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.103.146"; classtype:trojan-activity; sid:100003494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.103.72"; classtype:trojan-activity; sid:100003495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.113.60"; classtype:trojan-activity; sid:100003496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.119.75"; classtype:trojan-activity; sid:100003497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.120.107"; classtype:trojan-activity; sid:100003498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.123.4"; classtype:trojan-activity; sid:100003499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.73.83"; classtype:trojan-activity; sid:100003500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.75.71"; classtype:trojan-activity; sid:100003501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.77.10"; classtype:trojan-activity; sid:100003502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.78.223"; classtype:trojan-activity; sid:100003503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.78.75"; classtype:trojan-activity; sid:100003504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.86.81"; classtype:trojan-activity; sid:100003505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.88.194"; classtype:trojan-activity; sid:100003506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.40.89.178"; classtype:trojan-activity; sid:100003507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.41.11.117"; classtype:trojan-activity; sid:100003508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.41.3.36"; classtype:trojan-activity; sid:100003509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.41.37.75"; classtype:trojan-activity; sid:100003510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.41.38.33"; classtype:trojan-activity; sid:100003511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.108.153"; classtype:trojan-activity; sid:100003512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.108.84"; classtype:trojan-activity; sid:100003513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.109.138"; classtype:trojan-activity; sid:100003514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.109.54"; classtype:trojan-activity; sid:100003515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.111.190"; classtype:trojan-activity; sid:100003516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.112.157"; classtype:trojan-activity; sid:100003517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.112.17"; classtype:trojan-activity; sid:100003518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.120.213"; classtype:trojan-activity; sid:100003519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.120.86"; classtype:trojan-activity; sid:100003520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.43.125.31"; classtype:trojan-activity; sid:100003521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.10.251"; classtype:trojan-activity; sid:100003522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.110.110"; classtype:trojan-activity; sid:100003523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.115.173"; classtype:trojan-activity; sid:100003524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.116.200"; classtype:trojan-activity; sid:100003525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.117.239"; classtype:trojan-activity; sid:100003526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.12.21"; classtype:trojan-activity; sid:100003527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.13.1"; classtype:trojan-activity; sid:100003528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.13.154"; classtype:trojan-activity; sid:100003529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.14.60"; classtype:trojan-activity; sid:100003530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.15.111"; classtype:trojan-activity; sid:100003531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.36.122"; classtype:trojan-activity; sid:100003532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.39.252"; classtype:trojan-activity; sid:100003533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.56.47"; classtype:trojan-activity; sid:100003534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.57.238"; classtype:trojan-activity; sid:100003535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.57.33"; classtype:trojan-activity; sid:100003536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.58.122"; classtype:trojan-activity; sid:100003537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.59.103"; classtype:trojan-activity; sid:100003538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.59.239"; classtype:trojan-activity; sid:100003539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.88.116"; classtype:trojan-activity; sid:100003540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.88.252"; classtype:trojan-activity; sid:100003541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.89.243"; classtype:trojan-activity; sid:100003542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.89.69"; classtype:trojan-activity; sid:100003543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.9.126"; classtype:trojan-activity; sid:100003544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.9.211"; classtype:trojan-activity; sid:100003545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.90.108"; classtype:trojan-activity; sid:100003546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.90.18"; classtype:trojan-activity; sid:100003547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.90.32"; classtype:trojan-activity; sid:100003548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.45.92.93"; classtype:trojan-activity; sid:100003549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.42.35"; classtype:trojan-activity; sid:100003550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.43.72"; classtype:trojan-activity; sid:100003551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.44.186"; classtype:trojan-activity; sid:100003552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.44.21"; classtype:trojan-activity; sid:100003553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.44.224"; classtype:trojan-activity; sid:100003554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.44.77"; classtype:trojan-activity; sid:100003555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.46.36"; classtype:trojan-activity; sid:100003556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.53.249"; classtype:trojan-activity; sid:100003557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.55.173"; classtype:trojan-activity; sid:100003558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.55.35"; classtype:trojan-activity; sid:100003559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.46.8.95"; classtype:trojan-activity; sid:100003560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.47.113.82"; classtype:trojan-activity; sid:100003561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.47.120.123"; classtype:trojan-activity; sid:100003562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.48.138.13"; classtype:trojan-activity; sid:100003563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.5.38.196"; classtype:trojan-activity; sid:100003564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.5.46.120"; classtype:trojan-activity; sid:100003565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.6.103.58"; classtype:trojan-activity; sid:100003566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.6.195.197"; classtype:trojan-activity; sid:100003567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.6.195.202"; classtype:trojan-activity; sid:100003568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.6.200.131"; classtype:trojan-activity; sid:100003569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.77.18.212"; classtype:trojan-activity; sid:100003570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.8.192.243"; classtype:trojan-activity; sid:100003571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.8.248.83"; classtype:trojan-activity; sid:100003572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.8.55.34"; classtype:trojan-activity; sid:100003573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"27.9.73.4"; classtype:trojan-activity; sid:100003574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.0.98.131"; classtype:trojan-activity; sid:100003575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.13.23.180"; classtype:trojan-activity; sid:100003576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.163.166.233"; classtype:trojan-activity; sid:100003577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.104.102"; classtype:trojan-activity; sid:100003578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.146.199"; classtype:trojan-activity; sid:100003579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.16.68"; classtype:trojan-activity; sid:100003580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.179.83"; classtype:trojan-activity; sid:100003581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.184.59"; classtype:trojan-activity; sid:100003582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.194.67"; classtype:trojan-activity; sid:100003583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.216.132"; classtype:trojan-activity; sid:100003584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.219.28"; classtype:trojan-activity; sid:100003585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.30.65"; classtype:trojan-activity; sid:100003586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.60.234"; classtype:trojan-activity; sid:100003587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.63.146"; classtype:trojan-activity; sid:100003588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.168.65.233"; classtype:trojan-activity; sid:100003589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.179.201.26"; classtype:trojan-activity; sid:100003590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.181.2.199"; classtype:trojan-activity; sid:100003591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.210.182.56"; classtype:trojan-activity; sid:100003592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.210.20.142"; classtype:trojan-activity; sid:100003593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.28.105.39"; classtype:trojan-activity; sid:100003594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.28.7.159"; classtype:trojan-activity; sid:100003595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"31.63.229.52"; classtype:trojan-activity; sid:100003596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"32.218.180.9"; classtype:trojan-activity; sid:100003597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"35.131.161.166"; classtype:trojan-activity; sid:100003598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.107.210.48"; classtype:trojan-activity; sid:100003599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.24.47.35"; classtype:trojan-activity; sid:100003600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.25.132.141"; classtype:trojan-activity; sid:100003601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.251.48.130"; classtype:trojan-activity; sid:100003602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.251.61.182"; classtype:trojan-activity; sid:100003603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.32.30.103"; classtype:trojan-activity; sid:100003604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.33.128.8"; classtype:trojan-activity; sid:100003605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.33.130.55"; classtype:trojan-activity; sid:100003606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.33.138.242"; classtype:trojan-activity; sid:100003607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.33.140.134"; classtype:trojan-activity; sid:100003608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.33.62.159"; classtype:trojan-activity; sid:100003609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.34.181.246"; classtype:trojan-activity; sid:100003610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.34.233.67"; classtype:trojan-activity; sid:100003611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.35.147.226"; classtype:trojan-activity; sid:100003612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.36.242.175"; classtype:trojan-activity; sid:100003613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.36.243.80"; classtype:trojan-activity; sid:100003614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.43.65.246"; classtype:trojan-activity; sid:100003615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.66.105.159"; classtype:trojan-activity; sid:100003616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.66.133.125"; classtype:trojan-activity; sid:100003617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.66.139.36"; classtype:trojan-activity; sid:100003618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.89.18.133"; classtype:trojan-activity; sid:100003619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.89.18.195"; classtype:trojan-activity; sid:100003620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.91.90.171"; classtype:trojan-activity; sid:100003621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"36.96.14.58"; classtype:trojan-activity; sid:100003622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"360down7.miiyun.cn"; classtype:trojan-activity; sid:100003623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.120.247.34"; classtype:trojan-activity; sid:100003624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.142.32.162"; classtype:trojan-activity; sid:100003625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.193.26.66"; classtype:trojan-activity; sid:100003626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.233.60.68"; classtype:trojan-activity; sid:100003627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.33.18.133"; classtype:trojan-activity; sid:100003628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.34.179.221"; classtype:trojan-activity; sid:100003629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.34.180.172"; classtype:trojan-activity; sid:100003630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.44.238.35"; classtype:trojan-activity; sid:100003631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.54.100.5"; classtype:trojan-activity; sid:100003632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.54.14.36"; classtype:trojan-activity; sid:100003633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.54.71.79"; classtype:trojan-activity; sid:100003634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"37.55.141.180"; classtype:trojan-activity; sid:100003635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"38.10.147.109"; classtype:trojan-activity; sid:100003636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.107.225.220"; classtype:trojan-activity; sid:100003637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.113.245.254"; classtype:trojan-activity; sid:100003638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.65.166.53"; classtype:trojan-activity; sid:100003639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.65.241.172"; classtype:trojan-activity; sid:100003640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.65.244.128"; classtype:trojan-activity; sid:100003641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.65.49.57"; classtype:trojan-activity; sid:100003642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.66.172.35"; classtype:trojan-activity; sid:100003643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.66.73.50"; classtype:trojan-activity; sid:100003644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.67.146.157"; classtype:trojan-activity; sid:100003645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.67.18.6"; classtype:trojan-activity; sid:100003646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.67.181.97"; classtype:trojan-activity; sid:100003647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.67.182.163"; classtype:trojan-activity; sid:100003648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.67.254.140"; classtype:trojan-activity; sid:100003649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.67.85.91"; classtype:trojan-activity; sid:100003650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.67.86.79"; classtype:trojan-activity; sid:100003651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.68.152.42"; classtype:trojan-activity; sid:100003652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.68.155.34"; classtype:trojan-activity; sid:100003653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.68.186.197"; classtype:trojan-activity; sid:100003654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.68.242.109"; classtype:trojan-activity; sid:100003655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.68.30.141"; classtype:trojan-activity; sid:100003656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.70.4.103"; classtype:trojan-activity; sid:100003657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.71.52.133"; classtype:trojan-activity; sid:100003658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.72.148.186"; classtype:trojan-activity; sid:100003659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.72.2.109"; classtype:trojan-activity; sid:100003660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.10.46"; classtype:trojan-activity; sid:100003661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.123.121"; classtype:trojan-activity; sid:100003662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.133.252"; classtype:trojan-activity; sid:100003663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.165.173"; classtype:trojan-activity; sid:100003664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.207.253"; classtype:trojan-activity; sid:100003665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.39.210"; classtype:trojan-activity; sid:100003666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.40.37"; classtype:trojan-activity; sid:100003667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.78.184"; classtype:trojan-activity; sid:100003668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.73.92.69"; classtype:trojan-activity; sid:100003669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.74.190.219"; classtype:trojan-activity; sid:100003670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.74.219.218"; classtype:trojan-activity; sid:100003671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.74.55.213"; classtype:trojan-activity; sid:100003672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.74.61.188"; classtype:trojan-activity; sid:100003673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.74.62.11"; classtype:trojan-activity; sid:100003674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.74.68.90"; classtype:trojan-activity; sid:100003675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.76.37.87"; classtype:trojan-activity; sid:100003676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.77.181.110"; classtype:trojan-activity; sid:100003677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.77.208.78"; classtype:trojan-activity; sid:100003678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.77.250.103"; classtype:trojan-activity; sid:100003679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.77.78.141"; classtype:trojan-activity; sid:100003680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.79.108.182"; classtype:trojan-activity; sid:100003681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.79.109.190"; classtype:trojan-activity; sid:100003682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.79.122.191"; classtype:trojan-activity; sid:100003683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.79.251.52"; classtype:trojan-activity; sid:100003684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.79.74.95"; classtype:trojan-activity; sid:100003685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.80.163.42"; classtype:trojan-activity; sid:100003686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.80.171.86"; classtype:trojan-activity; sid:100003687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.80.187.132"; classtype:trojan-activity; sid:100003688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.80.195.251"; classtype:trojan-activity; sid:100003689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.80.203.241"; classtype:trojan-activity; sid:100003690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.80.36.48"; classtype:trojan-activity; sid:100003691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.81.252.129"; classtype:trojan-activity; sid:100003692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.81.41.2"; classtype:trojan-activity; sid:100003693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.81.6.165"; classtype:trojan-activity; sid:100003694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.81.68.45"; classtype:trojan-activity; sid:100003695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.81.76.85"; classtype:trojan-activity; sid:100003696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.82.149.235"; classtype:trojan-activity; sid:100003697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.83.115.167"; classtype:trojan-activity; sid:100003698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.83.117.141"; classtype:trojan-activity; sid:100003699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.83.193.153"; classtype:trojan-activity; sid:100003700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.83.27.15"; classtype:trojan-activity; sid:100003701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.83.58.155"; classtype:trojan-activity; sid:100003702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.84.163.245"; classtype:trojan-activity; sid:100003703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.84.193.181"; classtype:trojan-activity; sid:100003704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.84.3.0"; classtype:trojan-activity; sid:100003705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.84.60.62"; classtype:trojan-activity; sid:100003706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.85.126.157"; classtype:trojan-activity; sid:100003707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.85.197.222"; classtype:trojan-activity; sid:100003708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.85.197.33"; classtype:trojan-activity; sid:100003709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.108.98"; classtype:trojan-activity; sid:100003710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.154.176"; classtype:trojan-activity; sid:100003711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.184.186"; classtype:trojan-activity; sid:100003712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.35.32"; classtype:trojan-activity; sid:100003713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.41.12"; classtype:trojan-activity; sid:100003714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.5.239"; classtype:trojan-activity; sid:100003715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.63.137"; classtype:trojan-activity; sid:100003716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.86.66.194"; classtype:trojan-activity; sid:100003717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.87.18.226"; classtype:trojan-activity; sid:100003718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.87.197.249"; classtype:trojan-activity; sid:100003719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.109.32"; classtype:trojan-activity; sid:100003720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.120.172"; classtype:trojan-activity; sid:100003721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.121.30"; classtype:trojan-activity; sid:100003722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.122.253"; classtype:trojan-activity; sid:100003723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.136.248"; classtype:trojan-activity; sid:100003724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.147.81"; classtype:trojan-activity; sid:100003725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.186.253"; classtype:trojan-activity; sid:100003726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.219.14"; classtype:trojan-activity; sid:100003727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.88.84.164"; classtype:trojan-activity; sid:100003728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.89.149.140"; classtype:trojan-activity; sid:100003729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.89.209.27"; classtype:trojan-activity; sid:100003730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.130.44"; classtype:trojan-activity; sid:100003731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.147.184"; classtype:trojan-activity; sid:100003732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.147.78"; classtype:trojan-activity; sid:100003733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.150.128"; classtype:trojan-activity; sid:100003734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.173.44"; classtype:trojan-activity; sid:100003735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.178.188"; classtype:trojan-activity; sid:100003736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.185.253"; classtype:trojan-activity; sid:100003737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.185.45"; classtype:trojan-activity; sid:100003738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.185.52"; classtype:trojan-activity; sid:100003739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.187.130"; classtype:trojan-activity; sid:100003740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.90.187.131"; classtype:trojan-activity; sid:100003741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"39.97.212.218"; classtype:trojan-activity; sid:100003742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"40.74.82.240"; classtype:trojan-activity; sid:100003743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.139.209.46"; classtype:trojan-activity; sid:100003744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.165.130.43"; classtype:trojan-activity; sid:100003745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.190.63.174"; classtype:trojan-activity; sid:100003746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.215.244.66"; classtype:trojan-activity; sid:100003747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.226.60.138"; classtype:trojan-activity; sid:100003748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.230.17.135"; classtype:trojan-activity; sid:100003749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.230.31.58"; classtype:trojan-activity; sid:100003750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.251.248.90"; classtype:trojan-activity; sid:100003751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.104"; classtype:trojan-activity; sid:100003752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.105"; classtype:trojan-activity; sid:100003753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.106"; classtype:trojan-activity; sid:100003754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.107"; classtype:trojan-activity; sid:100003755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.108"; classtype:trojan-activity; sid:100003756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.109"; classtype:trojan-activity; sid:100003757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.110"; classtype:trojan-activity; sid:100003758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.39.34.111"; classtype:trojan-activity; sid:100003759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.72.203.82"; classtype:trojan-activity; sid:100003760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.78.172.77"; classtype:trojan-activity; sid:100003761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.18.150"; classtype:trojan-activity; sid:100003762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.18.166"; classtype:trojan-activity; sid:100003763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.18.170"; classtype:trojan-activity; sid:100003764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.18.172"; classtype:trojan-activity; sid:100003765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.18.200"; classtype:trojan-activity; sid:100003766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.18.212"; classtype:trojan-activity; sid:100003767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.18.35"; classtype:trojan-activity; sid:100003768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.19.146"; classtype:trojan-activity; sid:100003769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.19.152"; classtype:trojan-activity; sid:100003770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.19.85"; classtype:trojan-activity; sid:100003771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.21.12"; classtype:trojan-activity; sid:100003772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.21.27"; classtype:trojan-activity; sid:100003773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.21.38"; classtype:trojan-activity; sid:100003774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.21.4"; classtype:trojan-activity; sid:100003775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.5.142"; classtype:trojan-activity; sid:100003776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.5.164"; classtype:trojan-activity; sid:100003777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"41.86.5.42"; classtype:trojan-activity; sid:100003778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.180.206.145"; classtype:trojan-activity; sid:100003779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.2.69.148"; classtype:trojan-activity; sid:100003780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.202.100.124"; classtype:trojan-activity; sid:100003781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.202.101.194"; classtype:trojan-activity; sid:100003782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.202.101.237"; classtype:trojan-activity; sid:100003783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.101.235"; classtype:trojan-activity; sid:100003784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.118.149"; classtype:trojan-activity; sid:100003785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.130.224"; classtype:trojan-activity; sid:100003786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.145.202"; classtype:trojan-activity; sid:100003787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.15.66"; classtype:trojan-activity; sid:100003788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.155.223"; classtype:trojan-activity; sid:100003789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.168.33"; classtype:trojan-activity; sid:100003790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.171.227"; classtype:trojan-activity; sid:100003791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.171.231"; classtype:trojan-activity; sid:100003792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.175.155"; classtype:trojan-activity; sid:100003793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.176.236"; classtype:trojan-activity; sid:100003794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.178.70"; classtype:trojan-activity; sid:100003795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.18.29"; classtype:trojan-activity; sid:100003796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.188.215"; classtype:trojan-activity; sid:100003797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.19.150"; classtype:trojan-activity; sid:100003798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.211.212"; classtype:trojan-activity; sid:100003799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.222.46"; classtype:trojan-activity; sid:100003800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.23.85"; classtype:trojan-activity; sid:100003801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.248.106"; classtype:trojan-activity; sid:100003802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.254.56"; classtype:trojan-activity; sid:100003803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.28.60"; classtype:trojan-activity; sid:100003804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.37.187"; classtype:trojan-activity; sid:100003805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.56.168"; classtype:trojan-activity; sid:100003806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.6.226"; classtype:trojan-activity; sid:100003807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.63.28"; classtype:trojan-activity; sid:100003808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.64.119"; classtype:trojan-activity; sid:100003809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.66.173"; classtype:trojan-activity; sid:100003810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.67.56"; classtype:trojan-activity; sid:100003811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.67.74"; classtype:trojan-activity; sid:100003812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.7.29"; classtype:trojan-activity; sid:100003813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.75.148"; classtype:trojan-activity; sid:100003814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.78.65"; classtype:trojan-activity; sid:100003815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.224.78.96"; classtype:trojan-activity; sid:100003816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.225.13.147"; classtype:trojan-activity; sid:100003817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.225.141.189"; classtype:trojan-activity; sid:100003818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.225.206.235"; classtype:trojan-activity; sid:100003819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.225.229.86"; classtype:trojan-activity; sid:100003820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.225.9.129"; classtype:trojan-activity; sid:100003821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.226.120.151"; classtype:trojan-activity; sid:100003822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.226.72.199"; classtype:trojan-activity; sid:100003823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.130.217"; classtype:trojan-activity; sid:100003824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.157.232"; classtype:trojan-activity; sid:100003825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.166.11"; classtype:trojan-activity; sid:100003826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.166.183"; classtype:trojan-activity; sid:100003827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.196.6"; classtype:trojan-activity; sid:100003828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.206.203"; classtype:trojan-activity; sid:100003829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.237.101"; classtype:trojan-activity; sid:100003830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.242.249"; classtype:trojan-activity; sid:100003831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.246.56"; classtype:trojan-activity; sid:100003832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.251.238"; classtype:trojan-activity; sid:100003833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.227.53.64"; classtype:trojan-activity; sid:100003834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.120.60"; classtype:trojan-activity; sid:100003835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.123.84"; classtype:trojan-activity; sid:100003836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.127.155"; classtype:trojan-activity; sid:100003837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.197.146"; classtype:trojan-activity; sid:100003838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.218.17"; classtype:trojan-activity; sid:100003839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.244.181"; classtype:trojan-activity; sid:100003840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.35.3"; classtype:trojan-activity; sid:100003841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.35.68"; classtype:trojan-activity; sid:100003842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.38.168"; classtype:trojan-activity; sid:100003843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.43.122"; classtype:trojan-activity; sid:100003844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.43.233"; classtype:trojan-activity; sid:100003845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.72.56"; classtype:trojan-activity; sid:100003846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.78.14"; classtype:trojan-activity; sid:100003847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.228.78.55"; classtype:trojan-activity; sid:100003848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.229.150.194"; classtype:trojan-activity; sid:100003849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.229.179.198"; classtype:trojan-activity; sid:100003850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.229.179.205"; classtype:trojan-activity; sid:100003851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.229.180.181"; classtype:trojan-activity; sid:100003852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.229.195.223"; classtype:trojan-activity; sid:100003853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.107.86"; classtype:trojan-activity; sid:100003854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.123.141"; classtype:trojan-activity; sid:100003855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.123.211"; classtype:trojan-activity; sid:100003856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.130.216"; classtype:trojan-activity; sid:100003857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.141.42"; classtype:trojan-activity; sid:100003858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.213.190"; classtype:trojan-activity; sid:100003859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.218.252"; classtype:trojan-activity; sid:100003860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.40.22"; classtype:trojan-activity; sid:100003861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.56.8"; classtype:trojan-activity; sid:100003862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.80.244"; classtype:trojan-activity; sid:100003863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.80.54"; classtype:trojan-activity; sid:100003864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.93.201"; classtype:trojan-activity; sid:100003865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.230.96.102"; classtype:trojan-activity; sid:100003866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.105.105"; classtype:trojan-activity; sid:100003867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.209.108"; classtype:trojan-activity; sid:100003868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.228.85"; classtype:trojan-activity; sid:100003869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.240.189"; classtype:trojan-activity; sid:100003870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.243.161"; classtype:trojan-activity; sid:100003871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.249.125"; classtype:trojan-activity; sid:100003872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.69.45"; classtype:trojan-activity; sid:100003873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.69.66"; classtype:trojan-activity; sid:100003874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.231.91.169"; classtype:trojan-activity; sid:100003875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.232.224.138"; classtype:trojan-activity; sid:100003876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.232.226.83"; classtype:trojan-activity; sid:100003877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.232.239.112"; classtype:trojan-activity; sid:100003878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.232.56.5"; classtype:trojan-activity; sid:100003879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.232.73.55"; classtype:trojan-activity; sid:100003880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.232.76.53"; classtype:trojan-activity; sid:100003881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.233.71.52"; classtype:trojan-activity; sid:100003882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.234.105.240"; classtype:trojan-activity; sid:100003883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.234.152.9"; classtype:trojan-activity; sid:100003884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.234.185.90"; classtype:trojan-activity; sid:100003885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.234.232.235"; classtype:trojan-activity; sid:100003886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.234.248.109"; classtype:trojan-activity; sid:100003887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.234.249.31"; classtype:trojan-activity; sid:100003888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.124.212"; classtype:trojan-activity; sid:100003889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.150.34"; classtype:trojan-activity; sid:100003890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.165.239"; classtype:trojan-activity; sid:100003891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.166.115"; classtype:trojan-activity; sid:100003892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.177.97"; classtype:trojan-activity; sid:100003893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.185.242"; classtype:trojan-activity; sid:100003894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.23.196"; classtype:trojan-activity; sid:100003895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.65.69"; classtype:trojan-activity; sid:100003896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.86.205"; classtype:trojan-activity; sid:100003897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.91.185"; classtype:trojan-activity; sid:100003898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.95.243"; classtype:trojan-activity; sid:100003899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.235.99.109"; classtype:trojan-activity; sid:100003900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.236.139.171"; classtype:trojan-activity; sid:100003901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.236.161.185"; classtype:trojan-activity; sid:100003902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.236.213.106"; classtype:trojan-activity; sid:100003903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.236.237.172"; classtype:trojan-activity; sid:100003904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.236.237.87"; classtype:trojan-activity; sid:100003905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.236.238.222"; classtype:trojan-activity; sid:100003906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.237.139.175"; classtype:trojan-activity; sid:100003907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.237.58.45"; classtype:trojan-activity; sid:100003908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.134.91"; classtype:trojan-activity; sid:100003909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.138.4"; classtype:trojan-activity; sid:100003910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.226.33"; classtype:trojan-activity; sid:100003911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.229.155"; classtype:trojan-activity; sid:100003912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.230.121"; classtype:trojan-activity; sid:100003913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.235.233"; classtype:trojan-activity; sid:100003914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.240.183"; classtype:trojan-activity; sid:100003915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.243.210"; classtype:trojan-activity; sid:100003916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.238.250.189"; classtype:trojan-activity; sid:100003917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.239.152.157"; classtype:trojan-activity; sid:100003918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.239.154.232"; classtype:trojan-activity; sid:100003919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.239.190.183"; classtype:trojan-activity; sid:100003920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.239.244.218"; classtype:trojan-activity; sid:100003921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.239.56.50"; classtype:trojan-activity; sid:100003922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.239.58.249"; classtype:trojan-activity; sid:100003923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.239.97.112"; classtype:trojan-activity; sid:100003924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.56.16.20"; classtype:trojan-activity; sid:100003925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.58.155.35"; classtype:trojan-activity; sid:100003926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.6.56.39"; classtype:trojan-activity; sid:100003927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.61.99.155"; classtype:trojan-activity; sid:100003928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.82.225.92"; classtype:trojan-activity; sid:100003929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.84.139.2"; classtype:trojan-activity; sid:100003930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.98.184.193"; classtype:trojan-activity; sid:100003931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"43.129.7.15"; classtype:trojan-activity; sid:100003932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"43.241.106.183"; classtype:trojan-activity; sid:100003933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"43.248.191.71"; classtype:trojan-activity; sid:100003934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"43.255.241.176"; classtype:trojan-activity; sid:100003935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.115.255.235"; classtype:trojan-activity; sid:100003936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.115.255.236"; classtype:trojan-activity; sid:100003937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.133.1.118"; classtype:trojan-activity; sid:100003938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.133.1.182"; classtype:trojan-activity; sid:100003939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.133.203.192"; classtype:trojan-activity; sid:100003940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.134.8.218"; classtype:trojan-activity; sid:100003941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.137.21.44"; classtype:trojan-activity; sid:100003942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.142.182.126"; classtype:trojan-activity; sid:100003943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.148.121.228"; classtype:trojan-activity; sid:100003944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.164.140.133"; classtype:trojan-activity; sid:100003945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.164.141.118"; classtype:trojan-activity; sid:100003946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.22.209.58"; classtype:trojan-activity; sid:100003947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.224.171.4"; classtype:trojan-activity; sid:100003948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.224.171.5"; classtype:trojan-activity; sid:100003949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.224.171.6"; classtype:trojan-activity; sid:100003950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.23.22.186"; classtype:trojan-activity; sid:100003951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.231.210.214"; classtype:trojan-activity; sid:100003952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.232.73.46"; classtype:trojan-activity; sid:100003953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.248.194.42"; classtype:trojan-activity; sid:100003954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.248.65.2"; classtype:trojan-activity; sid:100003955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.5.209.75"; classtype:trojan-activity; sid:100003956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.51.104.59"; classtype:trojan-activity; sid:100003957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.6.25.163"; classtype:trojan-activity; sid:100003958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.6.26.30"; classtype:trojan-activity; sid:100003959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.6.27.53"; classtype:trojan-activity; sid:100003960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.6.39.26"; classtype:trojan-activity; sid:100003961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.72.212.63"; classtype:trojan-activity; sid:100003962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.85.190.152"; classtype:trojan-activity; sid:100003963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.9.20.101"; classtype:trojan-activity; sid:100003964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.95.169.116"; classtype:trojan-activity; sid:100003965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.106.196.16"; classtype:trojan-activity; sid:100003966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.107.206.141"; classtype:trojan-activity; sid:100003967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.109.180.142"; classtype:trojan-activity; sid:100003968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.116.14.10"; classtype:trojan-activity; sid:100003969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.139.27.132"; classtype:trojan-activity; sid:100003970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.163.178.104"; classtype:trojan-activity; sid:100003971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.172.75.231"; classtype:trojan-activity; sid:100003972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.175.184.18"; classtype:trojan-activity; sid:100003973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.175.22.54"; classtype:trojan-activity; sid:100003974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.214.27.4"; classtype:trojan-activity; sid:100003975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.214.37.242"; classtype:trojan-activity; sid:100003976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.23.199.41"; classtype:trojan-activity; sid:100003977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.236.65.108"; classtype:trojan-activity; sid:100003978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.236.65.83"; classtype:trojan-activity; sid:100003979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.236.84.228"; classtype:trojan-activity; sid:100003980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.24.130.254"; classtype:trojan-activity; sid:100003981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.241.120.165"; classtype:trojan-activity; sid:100003982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.249.32.215"; classtype:trojan-activity; sid:100003983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.36.74.43"; classtype:trojan-activity; sid:100003984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.42.86.128"; classtype:trojan-activity; sid:100003985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.47.80.41"; classtype:trojan-activity; sid:100003986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.72.140.20"; classtype:trojan-activity; sid:100003987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"46.97.21.162"; classtype:trojan-activity; sid:100003988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.145.144.219"; classtype:trojan-activity; sid:100003989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.145.152.26"; classtype:trojan-activity; sid:100003990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.148.46.57"; classtype:trojan-activity; sid:100003991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.151.7.143"; classtype:trojan-activity; sid:100003992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.154.44.62"; classtype:trojan-activity; sid:100003993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.16.133.241"; classtype:trojan-activity; sid:100003994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.180.188.158"; classtype:trojan-activity; sid:100003995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.20.142.234"; classtype:trojan-activity; sid:100003996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.200.1.26"; classtype:trojan-activity; sid:100003997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.21.19.222"; classtype:trojan-activity; sid:100003998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.22.159.114"; classtype:trojan-activity; sid:100003999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.227.126.60"; classtype:trojan-activity; sid:100004000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"47.46.231.38"; classtype:trojan-activity; sid:100004001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.115.192.242"; classtype:trojan-activity; sid:100004002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.115.206.238"; classtype:trojan-activity; sid:100004003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.142.240.85"; classtype:trojan-activity; sid:100004004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.142.87.36"; classtype:trojan-activity; sid:100004005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.143.32.36"; classtype:trojan-activity; sid:100004006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.143.32.41"; classtype:trojan-activity; sid:100004007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.143.43.93"; classtype:trojan-activity; sid:100004008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.156.35.166"; classtype:trojan-activity; sid:100004009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.158.201.200"; classtype:trojan-activity; sid:100004010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.158.202.113"; classtype:trojan-activity; sid:100004011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.159.20.121"; classtype:trojan-activity; sid:100004012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.159.21.171"; classtype:trojan-activity; sid:100004013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.159.21.3"; classtype:trojan-activity; sid:100004014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.159.92.189"; classtype:trojan-activity; sid:100004015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.213.162.148"; classtype:trojan-activity; sid:100004016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.213.164.114"; classtype:trojan-activity; sid:100004017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.213.179.129"; classtype:trojan-activity; sid:100004018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.213.220.203"; classtype:trojan-activity; sid:100004019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.0.140"; classtype:trojan-activity; sid:100004020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.0.16"; classtype:trojan-activity; sid:100004021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.1.234"; classtype:trojan-activity; sid:100004022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.111.127"; classtype:trojan-activity; sid:100004023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.111.254"; classtype:trojan-activity; sid:100004024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.15.131"; classtype:trojan-activity; sid:100004025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.15.187"; classtype:trojan-activity; sid:100004026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.15.217"; classtype:trojan-activity; sid:100004027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.15.22"; classtype:trojan-activity; sid:100004028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.15.248"; classtype:trojan-activity; sid:100004029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.15.56"; classtype:trojan-activity; sid:100004030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.164.7"; classtype:trojan-activity; sid:100004031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.2.205"; classtype:trojan-activity; sid:100004032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.2.209"; classtype:trojan-activity; sid:100004033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.2.210"; classtype:trojan-activity; sid:100004034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.20.198"; classtype:trojan-activity; sid:100004035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.20.46"; classtype:trojan-activity; sid:100004036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.3.17"; classtype:trojan-activity; sid:100004037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.3.177"; classtype:trojan-activity; sid:100004038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.3.192"; classtype:trojan-activity; sid:100004039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.3.196"; classtype:trojan-activity; sid:100004040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.3.8"; classtype:trojan-activity; sid:100004041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.3.9"; classtype:trojan-activity; sid:100004042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.3.99"; classtype:trojan-activity; sid:100004043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.104"; classtype:trojan-activity; sid:100004044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.126"; classtype:trojan-activity; sid:100004045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.147"; classtype:trojan-activity; sid:100004046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.166"; classtype:trojan-activity; sid:100004047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.167"; classtype:trojan-activity; sid:100004048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.170"; classtype:trojan-activity; sid:100004049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.174"; classtype:trojan-activity; sid:100004050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.185"; classtype:trojan-activity; sid:100004051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.219"; classtype:trojan-activity; sid:100004052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.234"; classtype:trojan-activity; sid:100004053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.237"; classtype:trojan-activity; sid:100004054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.253"; classtype:trojan-activity; sid:100004055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.30"; classtype:trojan-activity; sid:100004056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.51"; classtype:trojan-activity; sid:100004057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.53"; classtype:trojan-activity; sid:100004058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.69"; classtype:trojan-activity; sid:100004059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.72"; classtype:trojan-activity; sid:100004060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.87"; classtype:trojan-activity; sid:100004061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.4.9"; classtype:trojan-activity; sid:100004062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.10"; classtype:trojan-activity; sid:100004063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.119"; classtype:trojan-activity; sid:100004064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.124"; classtype:trojan-activity; sid:100004065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.141"; classtype:trojan-activity; sid:100004066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.170"; classtype:trojan-activity; sid:100004067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.175"; classtype:trojan-activity; sid:100004068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.2"; classtype:trojan-activity; sid:100004069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.219"; classtype:trojan-activity; sid:100004070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.224"; classtype:trojan-activity; sid:100004071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.70.81.228"; classtype:trojan-activity; sid:100004072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.116.161"; classtype:trojan-activity; sid:100004073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.117.119"; classtype:trojan-activity; sid:100004074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.118.44"; classtype:trojan-activity; sid:100004075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.119.240"; classtype:trojan-activity; sid:100004076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.244.98"; classtype:trojan-activity; sid:100004077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.247.3"; classtype:trojan-activity; sid:100004078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.62.228"; classtype:trojan-activity; sid:100004079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.62.65"; classtype:trojan-activity; sid:100004080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.62.67"; classtype:trojan-activity; sid:100004081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.70.133"; classtype:trojan-activity; sid:100004082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.70.201"; classtype:trojan-activity; sid:100004083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.70.254"; classtype:trojan-activity; sid:100004084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.70.92"; classtype:trojan-activity; sid:100004085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.124"; classtype:trojan-activity; sid:100004086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.135"; classtype:trojan-activity; sid:100004087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.159"; classtype:trojan-activity; sid:100004088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.168"; classtype:trojan-activity; sid:100004089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.170"; classtype:trojan-activity; sid:100004090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.175"; classtype:trojan-activity; sid:100004091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.177"; classtype:trojan-activity; sid:100004092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.209"; classtype:trojan-activity; sid:100004093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.57"; classtype:trojan-activity; sid:100004094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.72.77"; classtype:trojan-activity; sid:100004095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.103"; classtype:trojan-activity; sid:100004096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.111"; classtype:trojan-activity; sid:100004097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.117"; classtype:trojan-activity; sid:100004098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.120"; classtype:trojan-activity; sid:100004099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.134"; classtype:trojan-activity; sid:100004100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.136"; classtype:trojan-activity; sid:100004101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.140"; classtype:trojan-activity; sid:100004102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.143"; classtype:trojan-activity; sid:100004103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.146"; classtype:trojan-activity; sid:100004104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.159"; classtype:trojan-activity; sid:100004105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.166"; classtype:trojan-activity; sid:100004106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.168"; classtype:trojan-activity; sid:100004107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.170"; classtype:trojan-activity; sid:100004108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.174"; classtype:trojan-activity; sid:100004109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.176"; classtype:trojan-activity; sid:100004110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.18"; classtype:trojan-activity; sid:100004111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.187"; classtype:trojan-activity; sid:100004112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.188"; classtype:trojan-activity; sid:100004113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.19"; classtype:trojan-activity; sid:100004114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.195"; classtype:trojan-activity; sid:100004115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.202"; classtype:trojan-activity; sid:100004116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.206"; classtype:trojan-activity; sid:100004117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.212"; classtype:trojan-activity; sid:100004118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.223"; classtype:trojan-activity; sid:100004119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.224"; classtype:trojan-activity; sid:100004120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.227"; classtype:trojan-activity; sid:100004121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.238"; classtype:trojan-activity; sid:100004122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.241"; classtype:trojan-activity; sid:100004123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.250"; classtype:trojan-activity; sid:100004124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.28"; classtype:trojan-activity; sid:100004125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.29"; classtype:trojan-activity; sid:100004126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.36"; classtype:trojan-activity; sid:100004127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.39"; classtype:trojan-activity; sid:100004128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.40"; classtype:trojan-activity; sid:100004129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.41"; classtype:trojan-activity; sid:100004130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.43"; classtype:trojan-activity; sid:100004131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.49"; classtype:trojan-activity; sid:100004132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.56"; classtype:trojan-activity; sid:100004133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.59"; classtype:trojan-activity; sid:100004134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.72"; classtype:trojan-activity; sid:100004135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.81"; classtype:trojan-activity; sid:100004136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.9"; classtype:trojan-activity; sid:100004137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.90"; classtype:trojan-activity; sid:100004138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.92"; classtype:trojan-activity; sid:100004139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.90.99"; classtype:trojan-activity; sid:100004140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.103"; classtype:trojan-activity; sid:100004141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.126"; classtype:trojan-activity; sid:100004142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.131"; classtype:trojan-activity; sid:100004143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.152"; classtype:trojan-activity; sid:100004144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.182"; classtype:trojan-activity; sid:100004145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.185"; classtype:trojan-activity; sid:100004146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.196"; classtype:trojan-activity; sid:100004147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.21"; classtype:trojan-activity; sid:100004148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.211"; classtype:trojan-activity; sid:100004149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.224"; classtype:trojan-activity; sid:100004150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.29"; classtype:trojan-activity; sid:100004151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.46"; classtype:trojan-activity; sid:100004152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.84"; classtype:trojan-activity; sid:100004153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.85"; classtype:trojan-activity; sid:100004154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.93.94"; classtype:trojan-activity; sid:100004155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.101"; classtype:trojan-activity; sid:100004156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.119"; classtype:trojan-activity; sid:100004157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.120"; classtype:trojan-activity; sid:100004158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.126"; classtype:trojan-activity; sid:100004159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.130"; classtype:trojan-activity; sid:100004160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.135"; classtype:trojan-activity; sid:100004161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.136"; classtype:trojan-activity; sid:100004162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.144"; classtype:trojan-activity; sid:100004163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.157"; classtype:trojan-activity; sid:100004164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.170"; classtype:trojan-activity; sid:100004165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.171"; classtype:trojan-activity; sid:100004166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.173"; classtype:trojan-activity; sid:100004167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.174"; classtype:trojan-activity; sid:100004168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.181"; classtype:trojan-activity; sid:100004169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.182"; classtype:trojan-activity; sid:100004170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.187"; classtype:trojan-activity; sid:100004171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.209"; classtype:trojan-activity; sid:100004172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.210"; classtype:trojan-activity; sid:100004173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.226"; classtype:trojan-activity; sid:100004174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.230"; classtype:trojan-activity; sid:100004175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.24"; classtype:trojan-activity; sid:100004176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.241"; classtype:trojan-activity; sid:100004177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.25"; classtype:trojan-activity; sid:100004178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.37"; classtype:trojan-activity; sid:100004179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.39"; classtype:trojan-activity; sid:100004180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.42"; classtype:trojan-activity; sid:100004181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.44"; classtype:trojan-activity; sid:100004182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.47"; classtype:trojan-activity; sid:100004183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.51"; classtype:trojan-activity; sid:100004184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.52"; classtype:trojan-activity; sid:100004185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.75"; classtype:trojan-activity; sid:100004186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.89"; classtype:trojan-activity; sid:100004187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.97"; classtype:trojan-activity; sid:100004188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"49.89.95.99"; classtype:trojan-activity; sid:100004189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4brits.co.za"; classtype:trojan-activity; sid:100004190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.102.236.162"; classtype:trojan-activity; sid:100004191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.102.242.1"; classtype:trojan-activity; sid:100004192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.198.244.168"; classtype:trojan-activity; sid:100004193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.26.117.142"; classtype:trojan-activity; sid:100004194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.26.239.224"; classtype:trojan-activity; sid:100004195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.28.139.28"; classtype:trojan-activity; sid:100004196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.42.121.155"; classtype:trojan-activity; sid:100004197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.115.174.119"; classtype:trojan-activity; sid:100004198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.192.171.85"; classtype:trojan-activity; sid:100004199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.194.110.19"; classtype:trojan-activity; sid:100004200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.209.208.17"; classtype:trojan-activity; sid:100004201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.212.94.242"; classtype:trojan-activity; sid:100004202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.226.94.6"; classtype:trojan-activity; sid:100004203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.245.199.220"; classtype:trojan-activity; sid:100004204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.247.83.66"; classtype:trojan-activity; sid:100004205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.251.250.50"; classtype:trojan-activity; sid:100004206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"50.83.34.176"; classtype:trojan-activity; sid:100004207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"51.159.54.29"; classtype:trojan-activity; sid:100004208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"51.161.7.116"; classtype:trojan-activity; sid:100004209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"51.195.192.116"; classtype:trojan-activity; sid:100004210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"51.195.61.169"; classtype:trojan-activity; sid:100004211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"51.81.85.213"; classtype:trojan-activity; sid:100004212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"52.165.230.106"; classtype:trojan-activity; sid:100004213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"54.212.206.189"; classtype:trojan-activity; sid:100004214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"54.224.10.186"; classtype:trojan-activity; sid:100004215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.115.161.155"; classtype:trojan-activity; sid:100004216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.115.161.70"; classtype:trojan-activity; sid:100004217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.115.162.92"; classtype:trojan-activity; sid:100004218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.115.166.51"; classtype:trojan-activity; sid:100004219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.115.167.147"; classtype:trojan-activity; sid:100004220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.115.174.4"; classtype:trojan-activity; sid:100004221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.125.191.4"; classtype:trojan-activity; sid:100004222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.141.122.72"; classtype:trojan-activity; sid:100004223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.142.166.120"; classtype:trojan-activity; sid:100004224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.142.200.124"; classtype:trojan-activity; sid:100004225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.142.96.245"; classtype:trojan-activity; sid:100004226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.187.192.112"; classtype:trojan-activity; sid:100004227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.19.149.149"; classtype:trojan-activity; sid:100004228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.212.30.152"; classtype:trojan-activity; sid:100004229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.216.76.175"; classtype:trojan-activity; sid:100004230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.218.19.194"; classtype:trojan-activity; sid:100004231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.23.24.60"; classtype:trojan-activity; sid:100004232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.23.246.170"; classtype:trojan-activity; sid:100004233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.23.58.27"; classtype:trojan-activity; sid:100004234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.230.89.42"; classtype:trojan-activity; sid:100004235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.243.122.37"; classtype:trojan-activity; sid:100004236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.112.79"; classtype:trojan-activity; sid:100004237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.113.94"; classtype:trojan-activity; sid:100004238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.114.96"; classtype:trojan-activity; sid:100004239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.140.224"; classtype:trojan-activity; sid:100004240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.141.106"; classtype:trojan-activity; sid:100004241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.141.149"; classtype:trojan-activity; sid:100004242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.141.173"; classtype:trojan-activity; sid:100004243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.141.188"; classtype:trojan-activity; sid:100004244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.142.144"; classtype:trojan-activity; sid:100004245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.142.248"; classtype:trojan-activity; sid:100004246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.143.104"; classtype:trojan-activity; sid:100004247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.143.116"; classtype:trojan-activity; sid:100004248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.143.188"; classtype:trojan-activity; sid:100004249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.143.50"; classtype:trojan-activity; sid:100004250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.144.127"; classtype:trojan-activity; sid:100004251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.144.221"; classtype:trojan-activity; sid:100004252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.144.88"; classtype:trojan-activity; sid:100004253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.145.118"; classtype:trojan-activity; sid:100004254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.145.233"; classtype:trojan-activity; sid:100004255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.145.41"; classtype:trojan-activity; sid:100004256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.146.216"; classtype:trojan-activity; sid:100004257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.146.220"; classtype:trojan-activity; sid:100004258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.147.143"; classtype:trojan-activity; sid:100004259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.147.190"; classtype:trojan-activity; sid:100004260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.148.139"; classtype:trojan-activity; sid:100004261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.149.142"; classtype:trojan-activity; sid:100004262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.149.144"; classtype:trojan-activity; sid:100004263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.149.197"; classtype:trojan-activity; sid:100004264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.149.73"; classtype:trojan-activity; sid:100004265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.150.106"; classtype:trojan-activity; sid:100004266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.150.175"; classtype:trojan-activity; sid:100004267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.150.52"; classtype:trojan-activity; sid:100004268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.151.130"; classtype:trojan-activity; sid:100004269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.151.83"; classtype:trojan-activity; sid:100004270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.154.25"; classtype:trojan-activity; sid:100004271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.155.146"; classtype:trojan-activity; sid:100004272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.73.33"; classtype:trojan-activity; sid:100004273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.78.37"; classtype:trojan-activity; sid:100004274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.82.193"; classtype:trojan-activity; sid:100004275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.248.83.166"; classtype:trojan-activity; sid:100004276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.13.206"; classtype:trojan-activity; sid:100004277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.14.239"; classtype:trojan-activity; sid:100004278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.17.141"; classtype:trojan-activity; sid:100004279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.18.57"; classtype:trojan-activity; sid:100004280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.20.199"; classtype:trojan-activity; sid:100004281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.21.144"; classtype:trojan-activity; sid:100004282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.22.146"; classtype:trojan-activity; sid:100004283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.22.194"; classtype:trojan-activity; sid:100004284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.23.203"; classtype:trojan-activity; sid:100004285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.72.120"; classtype:trojan-activity; sid:100004286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.72.197"; classtype:trojan-activity; sid:100004287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.73.110"; classtype:trojan-activity; sid:100004288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.73.80"; classtype:trojan-activity; sid:100004289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.74.124"; classtype:trojan-activity; sid:100004290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.75.21"; classtype:trojan-activity; sid:100004291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.75.23"; classtype:trojan-activity; sid:100004292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.75.78"; classtype:trojan-activity; sid:100004293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.76.133"; classtype:trojan-activity; sid:100004294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.76.57"; classtype:trojan-activity; sid:100004295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.77.113"; classtype:trojan-activity; sid:100004296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.77.188"; classtype:trojan-activity; sid:100004297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.78.2"; classtype:trojan-activity; sid:100004298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.78.225"; classtype:trojan-activity; sid:100004299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.79.149"; classtype:trojan-activity; sid:100004300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.79.33"; classtype:trojan-activity; sid:100004301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.8.61"; classtype:trojan-activity; sid:100004302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.80.134"; classtype:trojan-activity; sid:100004303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.80.147"; classtype:trojan-activity; sid:100004304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.80.148"; classtype:trojan-activity; sid:100004305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.80.34"; classtype:trojan-activity; sid:100004306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.81.229"; classtype:trojan-activity; sid:100004307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.81.60"; classtype:trojan-activity; sid:100004308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.82.11"; classtype:trojan-activity; sid:100004309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.82.242"; classtype:trojan-activity; sid:100004310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.83.155"; classtype:trojan-activity; sid:100004311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.83.17"; classtype:trojan-activity; sid:100004312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.85.163"; classtype:trojan-activity; sid:100004313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.85.70"; classtype:trojan-activity; sid:100004314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.86.154"; classtype:trojan-activity; sid:100004315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.86.184"; classtype:trojan-activity; sid:100004316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.86.225"; classtype:trojan-activity; sid:100004317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.86.240"; classtype:trojan-activity; sid:100004318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.86.52"; classtype:trojan-activity; sid:100004319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.86.96"; classtype:trojan-activity; sid:100004320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.87.118"; classtype:trojan-activity; sid:100004321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.87.5"; classtype:trojan-activity; sid:100004322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.87.66"; classtype:trojan-activity; sid:100004323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.89.183"; classtype:trojan-activity; sid:100004324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.9.152"; classtype:trojan-activity; sid:100004325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.91.142"; classtype:trojan-activity; sid:100004326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.91.236"; classtype:trojan-activity; sid:100004327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.249.91.239"; classtype:trojan-activity; sid:100004328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.113.238"; classtype:trojan-activity; sid:100004329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.164.221"; classtype:trojan-activity; sid:100004330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.175.62"; classtype:trojan-activity; sid:100004331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.177.122"; classtype:trojan-activity; sid:100004332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.178.56"; classtype:trojan-activity; sid:100004333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.181.157"; classtype:trojan-activity; sid:100004334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.183.115"; classtype:trojan-activity; sid:100004335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.197.148"; classtype:trojan-activity; sid:100004336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.252.197.74"; classtype:trojan-activity; sid:100004337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.11.112"; classtype:trojan-activity; sid:100004338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.12.77"; classtype:trojan-activity; sid:100004339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.14.80"; classtype:trojan-activity; sid:100004340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.15.199"; classtype:trojan-activity; sid:100004341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.4.11"; classtype:trojan-activity; sid:100004342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.4.111"; classtype:trojan-activity; sid:100004343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.4.29"; classtype:trojan-activity; sid:100004344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.6.161"; classtype:trojan-activity; sid:100004345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.6.206"; classtype:trojan-activity; sid:100004346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.6.25"; classtype:trojan-activity; sid:100004347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.7.120"; classtype:trojan-activity; sid:100004348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.7.163"; classtype:trojan-activity; sid:100004349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.253.9.72"; classtype:trojan-activity; sid:100004350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.254.58.140"; classtype:trojan-activity; sid:100004351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.12.115"; classtype:trojan-activity; sid:100004352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.13.118"; classtype:trojan-activity; sid:100004353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.13.164"; classtype:trojan-activity; sid:100004354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.13.76"; classtype:trojan-activity; sid:100004355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.132.175"; classtype:trojan-activity; sid:100004356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.134.75"; classtype:trojan-activity; sid:100004357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.136.155"; classtype:trojan-activity; sid:100004358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.143.132"; classtype:trojan-activity; sid:100004359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.16.196"; classtype:trojan-activity; sid:100004360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.17.138"; classtype:trojan-activity; sid:100004361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.19.171"; classtype:trojan-activity; sid:100004362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.208.64"; classtype:trojan-activity; sid:100004363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.209.47"; classtype:trojan-activity; sid:100004364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.210.173"; classtype:trojan-activity; sid:100004365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.210.222"; classtype:trojan-activity; sid:100004366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.210.255"; classtype:trojan-activity; sid:100004367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.211.79"; classtype:trojan-activity; sid:100004368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.218.243"; classtype:trojan-activity; sid:100004369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.255.41.46"; classtype:trojan-activity; sid:100004370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.46.196.19"; classtype:trojan-activity; sid:100004371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.48.152.77"; classtype:trojan-activity; sid:100004372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.52.212.61"; classtype:trojan-activity; sid:100004373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.53.68.130"; classtype:trojan-activity; sid:100004374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.54.108.10"; classtype:trojan-activity; sid:100004375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.54.161.135"; classtype:trojan-activity; sid:100004376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.55.168.71"; classtype:trojan-activity; sid:100004377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.55.172.164"; classtype:trojan-activity; sid:100004378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.55.52.250"; classtype:trojan-activity; sid:100004379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.55.73.2"; classtype:trojan-activity; sid:100004380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.58.41.106"; classtype:trojan-activity; sid:100004381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.72.165.153"; classtype:trojan-activity; sid:100004382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.76.151.189"; classtype:trojan-activity; sid:100004383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.94.76.112"; classtype:trojan-activity; sid:100004384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"58.97.201.45"; classtype:trojan-activity; sid:100004385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.0.158.67"; classtype:trojan-activity; sid:100004386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.1.115.162"; classtype:trojan-activity; sid:100004387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.1.251.12"; classtype:trojan-activity; sid:100004388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.126.78.236"; classtype:trojan-activity; sid:100004389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.127.182.60"; classtype:trojan-activity; sid:100004390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.127.212.86"; classtype:trojan-activity; sid:100004391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.127.36.86"; classtype:trojan-activity; sid:100004392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.15.78.225"; classtype:trojan-activity; sid:100004393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.173.151.247"; classtype:trojan-activity; sid:100004394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.175.62.233"; classtype:trojan-activity; sid:100004395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.180.175.83"; classtype:trojan-activity; sid:100004396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.23.218.91"; classtype:trojan-activity; sid:100004397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.23.24.187"; classtype:trojan-activity; sid:100004398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.26.12.115"; classtype:trojan-activity; sid:100004399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.27.255.101"; classtype:trojan-activity; sid:100004400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.3.30.251"; classtype:trojan-activity; sid:100004401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.35.29.51"; classtype:trojan-activity; sid:100004402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.47.187.147"; classtype:trojan-activity; sid:100004403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.5.225.169"; classtype:trojan-activity; sid:100004404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.51.16.109"; classtype:trojan-activity; sid:100004405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.58.109.31"; classtype:trojan-activity; sid:100004406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.58.117.63"; classtype:trojan-activity; sid:100004407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.63.91.45"; classtype:trojan-activity; sid:100004408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.89.211.16"; classtype:trojan-activity; sid:100004409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.89.214.69"; classtype:trojan-activity; sid:100004410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.89.216.104"; classtype:trojan-activity; sid:100004411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.89.221.218"; classtype:trojan-activity; sid:100004412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.17.193"; classtype:trojan-activity; sid:100004413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.17.43"; classtype:trojan-activity; sid:100004414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.20.219"; classtype:trojan-activity; sid:100004415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.23.86"; classtype:trojan-activity; sid:100004416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.24.8"; classtype:trojan-activity; sid:100004417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.25.225"; classtype:trojan-activity; sid:100004418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.27.182"; classtype:trojan-activity; sid:100004419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.93.31.70"; classtype:trojan-activity; sid:100004420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.94.199.12"; classtype:trojan-activity; sid:100004421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.94.207.71"; classtype:trojan-activity; sid:100004422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.95.66.212"; classtype:trojan-activity; sid:100004423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.95.66.216"; classtype:trojan-activity; sid:100004424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.95.67.152"; classtype:trojan-activity; sid:100004425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.95.68.152"; classtype:trojan-activity; sid:100004426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.96.56.74"; classtype:trojan-activity; sid:100004427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.97.168.216"; classtype:trojan-activity; sid:100004428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.97.168.224"; classtype:trojan-activity; sid:100004429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.97.175.176"; classtype:trojan-activity; sid:100004430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.98.109.46"; classtype:trojan-activity; sid:100004431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.98.143.157"; classtype:trojan-activity; sid:100004432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.131.146"; classtype:trojan-activity; sid:100004433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.131.34"; classtype:trojan-activity; sid:100004434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.132.87"; classtype:trojan-activity; sid:100004435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.133.26"; classtype:trojan-activity; sid:100004436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.135.136"; classtype:trojan-activity; sid:100004437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.135.185"; classtype:trojan-activity; sid:100004438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.137.90"; classtype:trojan-activity; sid:100004439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.142.130"; classtype:trojan-activity; sid:100004440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.142.212"; classtype:trojan-activity; sid:100004441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.200.127"; classtype:trojan-activity; sid:100004442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.203.252"; classtype:trojan-activity; sid:100004443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.206.38"; classtype:trojan-activity; sid:100004444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.34.85"; classtype:trojan-activity; sid:100004445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.41.6"; classtype:trojan-activity; sid:100004446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.42.112"; classtype:trojan-activity; sid:100004447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.43.179"; classtype:trojan-activity; sid:100004448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.43.77"; classtype:trojan-activity; sid:100004449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.45.124"; classtype:trojan-activity; sid:100004450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.45.41"; classtype:trojan-activity; sid:100004451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"59.99.47.6"; classtype:trojan-activity; sid:100004452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5track.link"; classtype:trojan-activity; sid:100004453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.0.209.211"; classtype:trojan-activity; sid:100004454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.10.238.5"; classtype:trojan-activity; sid:100004455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.13.60.19"; classtype:trojan-activity; sid:100004456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.16.100.174"; classtype:trojan-activity; sid:100004457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.16.228.176"; classtype:trojan-activity; sid:100004458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.162.115.192"; classtype:trojan-activity; sid:100004459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.162.183.86"; classtype:trojan-activity; sid:100004460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.162.212.44"; classtype:trojan-activity; sid:100004461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.163.215.27"; classtype:trojan-activity; sid:100004462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.18.114.146"; classtype:trojan-activity; sid:100004463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.183.24.182"; classtype:trojan-activity; sid:100004464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.184.143.168"; classtype:trojan-activity; sid:100004465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.189.28.48"; classtype:trojan-activity; sid:100004466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.209.16.40"; classtype:trojan-activity; sid:100004467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.209.227.3"; classtype:trojan-activity; sid:100004468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.211.27.68"; classtype:trojan-activity; sid:100004469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.161.132"; classtype:trojan-activity; sid:100004470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.171.12"; classtype:trojan-activity; sid:100004471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.207.158"; classtype:trojan-activity; sid:100004472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.207.46"; classtype:trojan-activity; sid:100004473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.219.149"; classtype:trojan-activity; sid:100004474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.233.45"; classtype:trojan-activity; sid:100004475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.249.72"; classtype:trojan-activity; sid:100004476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.253.97"; classtype:trojan-activity; sid:100004477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.212.64.44"; classtype:trojan-activity; sid:100004478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.213.114.174"; classtype:trojan-activity; sid:100004479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.213.163.139"; classtype:trojan-activity; sid:100004480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.214.194.22"; classtype:trojan-activity; sid:100004481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.214.35.147"; classtype:trojan-activity; sid:100004482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.214.49.116"; classtype:trojan-activity; sid:100004483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.214.77.7"; classtype:trojan-activity; sid:100004484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.215.198.35"; classtype:trojan-activity; sid:100004485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.215.215.108"; classtype:trojan-activity; sid:100004486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.215.221.120"; classtype:trojan-activity; sid:100004487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.215.3.139"; classtype:trojan-activity; sid:100004488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.215.63.49"; classtype:trojan-activity; sid:100004489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.217.110.225"; classtype:trojan-activity; sid:100004490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.217.177.168"; classtype:trojan-activity; sid:100004491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.223.171.197"; classtype:trojan-activity; sid:100004492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.223.92.66"; classtype:trojan-activity; sid:100004493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.23.229.51"; classtype:trojan-activity; sid:100004494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.26.133.70"; classtype:trojan-activity; sid:100004495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.5.173.18"; classtype:trojan-activity; sid:100004496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.5.181.55"; classtype:trojan-activity; sid:100004497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.7.107.76"; classtype:trojan-activity; sid:100004498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.7.115.33"; classtype:trojan-activity; sid:100004499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"60.7.138.53"; classtype:trojan-activity; sid:100004500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.144.145.241"; classtype:trojan-activity; sid:100004501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.144.184.17"; classtype:trojan-activity; sid:100004502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.156.207.118"; classtype:trojan-activity; sid:100004503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.162.55.42"; classtype:trojan-activity; sid:100004504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.163.129.39"; classtype:trojan-activity; sid:100004505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.163.139.15"; classtype:trojan-activity; sid:100004506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.163.141.110"; classtype:trojan-activity; sid:100004507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.163.149.30"; classtype:trojan-activity; sid:100004508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.167.82.220"; classtype:trojan-activity; sid:100004509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.179.198.52"; classtype:trojan-activity; sid:100004510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.184.64.205"; classtype:trojan-activity; sid:100004511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.216.90.19"; classtype:trojan-activity; sid:100004512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.247.183.18"; classtype:trojan-activity; sid:100004513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.3.147.46"; classtype:trojan-activity; sid:100004514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.3.154.97"; classtype:trojan-activity; sid:100004515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.3.157.77"; classtype:trojan-activity; sid:100004516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.3.188.193"; classtype:trojan-activity; sid:100004517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.3.70.27"; classtype:trojan-activity; sid:100004518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.10.131"; classtype:trojan-activity; sid:100004519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.10.16"; classtype:trojan-activity; sid:100004520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.12.229"; classtype:trojan-activity; sid:100004521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.157.50"; classtype:trojan-activity; sid:100004522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.174.244"; classtype:trojan-activity; sid:100004523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.184.112"; classtype:trojan-activity; sid:100004524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.193.7"; classtype:trojan-activity; sid:100004525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.33.245"; classtype:trojan-activity; sid:100004526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.36.134"; classtype:trojan-activity; sid:100004527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.42.22"; classtype:trojan-activity; sid:100004528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.45.34"; classtype:trojan-activity; sid:100004529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.47.49"; classtype:trojan-activity; sid:100004530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.51.138"; classtype:trojan-activity; sid:100004531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.63.70"; classtype:trojan-activity; sid:100004532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.75.132"; classtype:trojan-activity; sid:100004533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.96.222"; classtype:trojan-activity; sid:100004534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.52.99.177"; classtype:trojan-activity; sid:100004535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.109.120"; classtype:trojan-activity; sid:100004536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.116.209"; classtype:trojan-activity; sid:100004537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.118.42"; classtype:trojan-activity; sid:100004538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.120.24"; classtype:trojan-activity; sid:100004539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.145.67"; classtype:trojan-activity; sid:100004540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.145.99"; classtype:trojan-activity; sid:100004541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.150.147"; classtype:trojan-activity; sid:100004542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.171.248"; classtype:trojan-activity; sid:100004543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.206.25"; classtype:trojan-activity; sid:100004544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.33.223"; classtype:trojan-activity; sid:100004545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.39.60"; classtype:trojan-activity; sid:100004546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.72.108"; classtype:trojan-activity; sid:100004547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.75.169"; classtype:trojan-activity; sid:100004548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.84.236"; classtype:trojan-activity; sid:100004549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.84.237"; classtype:trojan-activity; sid:100004550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.89.254"; classtype:trojan-activity; sid:100004551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.53.98.242"; classtype:trojan-activity; sid:100004552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.11.186"; classtype:trojan-activity; sid:100004553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.185.144"; classtype:trojan-activity; sid:100004554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.41.97"; classtype:trojan-activity; sid:100004555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.42.218"; classtype:trojan-activity; sid:100004556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.42.89"; classtype:trojan-activity; sid:100004557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.43.242"; classtype:trojan-activity; sid:100004558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.43.86"; classtype:trojan-activity; sid:100004559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.54.59.22"; classtype:trojan-activity; sid:100004560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.55.209.19"; classtype:trojan-activity; sid:100004561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.56.180.67"; classtype:trojan-activity; sid:100004562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.58.172.244"; classtype:trojan-activity; sid:100004563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.58.73.220"; classtype:trojan-activity; sid:100004564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.61.218.23"; classtype:trojan-activity; sid:100004565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.61.88.199"; classtype:trojan-activity; sid:100004566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.63.246.138"; classtype:trojan-activity; sid:100004567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.63.246.140"; classtype:trojan-activity; sid:100004568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.65.172.121"; classtype:trojan-activity; sid:100004569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.110.59"; classtype:trojan-activity; sid:100004570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.132.195"; classtype:trojan-activity; sid:100004571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.133.75"; classtype:trojan-activity; sid:100004572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.155.27"; classtype:trojan-activity; sid:100004573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.247.150"; classtype:trojan-activity; sid:100004574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.255.230"; classtype:trojan-activity; sid:100004575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.3.170"; classtype:trojan-activity; sid:100004576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.45.130"; classtype:trojan-activity; sid:100004577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.70.69.173"; classtype:trojan-activity; sid:100004578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.75.36.225"; classtype:trojan-activity; sid:100004579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.85.133.73"; classtype:trojan-activity; sid:100004580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61.85.171.104"; classtype:trojan-activity; sid:100004581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.141.73.58"; classtype:trojan-activity; sid:100004582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.219.131.205"; classtype:trojan-activity; sid:100004583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.219.138.150"; classtype:trojan-activity; sid:100004584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.219.143.46"; classtype:trojan-activity; sid:100004585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.219.229.190"; classtype:trojan-activity; sid:100004586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.219.237.224"; classtype:trojan-activity; sid:100004587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.31.126.33"; classtype:trojan-activity; sid:100004588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.38.115.196"; classtype:trojan-activity; sid:100004589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.38.130.177"; classtype:trojan-activity; sid:100004590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.38.149.66"; classtype:trojan-activity; sid:100004591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.38.222.98"; classtype:trojan-activity; sid:100004592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.43.207.148"; classtype:trojan-activity; sid:100004593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.90.142.43"; classtype:trojan-activity; sid:100004594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.90.161.62"; classtype:trojan-activity; sid:100004595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"62.90.165.236"; classtype:trojan-activity; sid:100004596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"63.142.198.87"; classtype:trojan-activity; sid:100004597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"63.245.122.93"; classtype:trojan-activity; sid:100004598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"63.250.112.157"; classtype:trojan-activity; sid:100004599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"64.112.182.150"; classtype:trojan-activity; sid:100004600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"65.125.128.196"; classtype:trojan-activity; sid:100004601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"65.186.211.105"; classtype:trojan-activity; sid:100004602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"65.26.155.131"; classtype:trojan-activity; sid:100004603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"65.35.61.255"; classtype:trojan-activity; sid:100004604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"65.75.102.36"; classtype:trojan-activity; sid:100004605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"66.108.79.137"; classtype:trojan-activity; sid:100004606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"66.186.243.228"; classtype:trojan-activity; sid:100004607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"66.229.92.206"; classtype:trojan-activity; sid:100004608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"66.57.55.210"; classtype:trojan-activity; sid:100004609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"66.85.229.121"; classtype:trojan-activity; sid:100004610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"66.91.200.144"; classtype:trojan-activity; sid:100004611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"66.91.21.31"; classtype:trojan-activity; sid:100004612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67.245.120.145"; classtype:trojan-activity; sid:100004613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67.247.123.0"; classtype:trojan-activity; sid:100004614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67.250.98.123"; classtype:trojan-activity; sid:100004615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67.8.138.101"; classtype:trojan-activity; sid:100004616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67.80.30.18"; classtype:trojan-activity; sid:100004617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67.84.139.167"; classtype:trojan-activity; sid:100004618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67.85.208.148"; classtype:trojan-activity; sid:100004619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.113.80.247"; classtype:trojan-activity; sid:100004620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.174.182.226"; classtype:trojan-activity; sid:100004621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.188.144.143"; classtype:trojan-activity; sid:100004622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.195.217.253"; classtype:trojan-activity; sid:100004623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.197.33.124"; classtype:trojan-activity; sid:100004624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.198.171.184"; classtype:trojan-activity; sid:100004625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.205.119.241"; classtype:trojan-activity; sid:100004626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.236.212.86"; classtype:trojan-activity; sid:100004627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"68.84.51.98"; classtype:trojan-activity; sid:100004628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"69.115.37.205"; classtype:trojan-activity; sid:100004629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"69.120.237.255"; classtype:trojan-activity; sid:100004630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"69.165.173.49"; classtype:trojan-activity; sid:100004631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"69.222.157.166"; classtype:trojan-activity; sid:100004632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"69.59.92.28"; classtype:trojan-activity; sid:100004633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"69.63.73.234"; classtype:trojan-activity; sid:100004634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"69.75.227.186"; classtype:trojan-activity; sid:100004635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"70.115.31.30"; classtype:trojan-activity; sid:100004636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"70.167.10.180"; classtype:trojan-activity; sid:100004637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"70.236.190.250"; classtype:trojan-activity; sid:100004638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"70.44.154.126"; classtype:trojan-activity; sid:100004639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"70.79.173.244"; classtype:trojan-activity; sid:100004640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.127.148.69"; classtype:trojan-activity; sid:100004641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.163.125.165"; classtype:trojan-activity; sid:100004642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.17.10.8"; classtype:trojan-activity; sid:100004643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.190.150.144"; classtype:trojan-activity; sid:100004644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.228.126.91"; classtype:trojan-activity; sid:100004645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.40.234.166"; classtype:trojan-activity; sid:100004646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.43.106.142"; classtype:trojan-activity; sid:100004647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.47.133.58"; classtype:trojan-activity; sid:100004648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.62.14.246"; classtype:trojan-activity; sid:100004649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.66.203.234"; classtype:trojan-activity; sid:100004650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.68.229.247"; classtype:trojan-activity; sid:100004651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.71.60.69"; classtype:trojan-activity; sid:100004652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.76.173.75"; classtype:trojan-activity; sid:100004653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.79.235.170"; classtype:trojan-activity; sid:100004654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"71.85.106.211"; classtype:trojan-activity; sid:100004655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"72.133.148.246"; classtype:trojan-activity; sid:100004656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"72.186.139.38"; classtype:trojan-activity; sid:100004657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"72.202.249.109"; classtype:trojan-activity; sid:100004658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"72.214.61.120"; classtype:trojan-activity; sid:100004659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"72.214.69.226"; classtype:trojan-activity; sid:100004660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"72.43.71.36"; classtype:trojan-activity; sid:100004661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"72.68.173.197"; classtype:trojan-activity; sid:100004662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.127.64.11"; classtype:trojan-activity; sid:100004663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.163.134.45"; classtype:trojan-activity; sid:100004664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.31.139.77"; classtype:trojan-activity; sid:100004665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.46.220.100"; classtype:trojan-activity; sid:100004666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.49.3.195"; classtype:trojan-activity; sid:100004667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.58.164.153"; classtype:trojan-activity; sid:100004668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.70.164.42"; classtype:trojan-activity; sid:100004669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.84.49.191"; classtype:trojan-activity; sid:100004670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"73.97.12.152"; classtype:trojan-activity; sid:100004671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"74.108.224.112"; classtype:trojan-activity; sid:100004672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"74.221.153.26"; classtype:trojan-activity; sid:100004673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"74.75.165.81"; classtype:trojan-activity; sid:100004674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"74.88.22.42"; classtype:trojan-activity; sid:100004675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"74.93.60.190"; classtype:trojan-activity; sid:100004676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.127.141.52"; classtype:trojan-activity; sid:100004677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.129.90.99"; classtype:trojan-activity; sid:100004678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.146.85.149"; classtype:trojan-activity; sid:100004679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.151.35.77"; classtype:trojan-activity; sid:100004680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.155.123.172"; classtype:trojan-activity; sid:100004681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.186.100.206"; classtype:trojan-activity; sid:100004682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.67.206.39"; classtype:trojan-activity; sid:100004683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.83.102.27"; classtype:trojan-activity; sid:100004684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.97.202.184"; classtype:trojan-activity; sid:100004685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.99.143.195"; classtype:trojan-activity; sid:100004686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.99.144.114"; classtype:trojan-activity; sid:100004687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"75.99.213.61"; classtype:trojan-activity; sid:100004688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.108.187.210"; classtype:trojan-activity; sid:100004689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.108.191.3"; classtype:trojan-activity; sid:100004690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.170.11.82"; classtype:trojan-activity; sid:100004691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.178.22.145"; classtype:trojan-activity; sid:100004692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.217.92.231"; classtype:trojan-activity; sid:100004693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.250.199.133"; classtype:trojan-activity; sid:100004694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.79.220.181"; classtype:trojan-activity; sid:100004695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.84.134.33"; classtype:trojan-activity; sid:100004696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"76.95.12.137"; classtype:trojan-activity; sid:100004697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"77.237.25.210"; classtype:trojan-activity; sid:100004698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"77.27.69.138"; classtype:trojan-activity; sid:100004699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"77.79.191.32"; classtype:trojan-activity; sid:100004700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"77st.net"; classtype:trojan-activity; sid:100004701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.175.5.37"; classtype:trojan-activity; sid:100004702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.186.40.28"; classtype:trojan-activity; sid:100004703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.187.141.144"; classtype:trojan-activity; sid:100004704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.187.240.125"; classtype:trojan-activity; sid:100004705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.187.41.200"; classtype:trojan-activity; sid:100004706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.188.131.165"; classtype:trojan-activity; sid:100004707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.188.168.64"; classtype:trojan-activity; sid:100004708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.188.188.141"; classtype:trojan-activity; sid:100004709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.189.104.157"; classtype:trojan-activity; sid:100004710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.189.176.163"; classtype:trojan-activity; sid:100004711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.189.237.53"; classtype:trojan-activity; sid:100004712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.189.27.157"; classtype:trojan-activity; sid:100004713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.189.48.68"; classtype:trojan-activity; sid:100004714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.197.6.50"; classtype:trojan-activity; sid:100004715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.66.209.192"; classtype:trojan-activity; sid:100004716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.97.122.109"; classtype:trojan-activity; sid:100004717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"786news.com"; classtype:trojan-activity; sid:100004718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"79.126.80.189"; classtype:trojan-activity; sid:100004719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"79.137.250.41"; classtype:trojan-activity; sid:100004720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"79.170.30.142"; classtype:trojan-activity; sid:100004721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"79.170.30.245"; classtype:trojan-activity; sid:100004722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"79.3.72.208"; classtype:trojan-activity; sid:100004723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"79.79.58.94"; classtype:trojan-activity; sid:100004724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8.210.133.129"; classtype:trojan-activity; sid:100004725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"80.107.89.188"; classtype:trojan-activity; sid:100004726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"80.174.103.91"; classtype:trojan-activity; sid:100004727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"80.211.181.77"; classtype:trojan-activity; sid:100004728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"80.44.19.234"; classtype:trojan-activity; sid:100004729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.163.246.9"; classtype:trojan-activity; sid:100004730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.165.44.109"; classtype:trojan-activity; sid:100004731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.214.143.93"; classtype:trojan-activity; sid:100004732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.215.202.162"; classtype:trojan-activity; sid:100004733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.218.139.126"; classtype:trojan-activity; sid:100004734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.218.156.164"; classtype:trojan-activity; sid:100004735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.218.170.52"; classtype:trojan-activity; sid:100004736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.218.180.161"; classtype:trojan-activity; sid:100004737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.218.187.113"; classtype:trojan-activity; sid:100004738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.218.195.216"; classtype:trojan-activity; sid:100004739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.218.196.175"; classtype:trojan-activity; sid:100004740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.22.59.112"; classtype:trojan-activity; sid:100004741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.232.15.23"; classtype:trojan-activity; sid:100004742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.24.82.72"; classtype:trojan-activity; sid:100004743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.246.225.203"; classtype:trojan-activity; sid:100004744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.5.66.115"; classtype:trojan-activity; sid:100004745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.60.194.183"; classtype:trojan-activity; sid:100004746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"81.61.234.34"; classtype:trojan-activity; sid:100004747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.121.6.1"; classtype:trojan-activity; sid:100004748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.146.91.18"; classtype:trojan-activity; sid:100004749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.166.212.178"; classtype:trojan-activity; sid:100004750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.166.85.112"; classtype:trojan-activity; sid:100004751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.166.86.104"; classtype:trojan-activity; sid:100004752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.194.55.190"; classtype:trojan-activity; sid:100004753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.207.61.194"; classtype:trojan-activity; sid:100004754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.208.189.252"; classtype:trojan-activity; sid:100004755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.209.229.142"; classtype:trojan-activity; sid:100004756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.62.110.252"; classtype:trojan-activity; sid:100004757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.62.210.102"; classtype:trojan-activity; sid:100004758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.62.53.77"; classtype:trojan-activity; sid:100004759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.62.65.143"; classtype:trojan-activity; sid:100004760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.80.138.72"; classtype:trojan-activity; sid:100004761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.80.139.92"; classtype:trojan-activity; sid:100004762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.80.142.134"; classtype:trojan-activity; sid:100004763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.80.154.214"; classtype:trojan-activity; sid:100004764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.80.166.183"; classtype:trojan-activity; sid:100004765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.80.187.109"; classtype:trojan-activity; sid:100004766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.80.55.131"; classtype:trojan-activity; sid:100004767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.100.54"; classtype:trojan-activity; sid:100004768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.101.148"; classtype:trojan-activity; sid:100004769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.106.65"; classtype:trojan-activity; sid:100004770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.108.172"; classtype:trojan-activity; sid:100004771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.108.230"; classtype:trojan-activity; sid:100004772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.131.158"; classtype:trojan-activity; sid:100004773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.134.66"; classtype:trojan-activity; sid:100004774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.19.42"; classtype:trojan-activity; sid:100004775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.232.68"; classtype:trojan-activity; sid:100004776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.234.195"; classtype:trojan-activity; sid:100004777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.4.57"; classtype:trojan-activity; sid:100004778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.42.161"; classtype:trojan-activity; sid:100004779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.73.245"; classtype:trojan-activity; sid:100004780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"82.81.98.51"; classtype:trojan-activity; sid:100004781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.0.233.13"; classtype:trojan-activity; sid:100004782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.165.237.163"; classtype:trojan-activity; sid:100004783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.218.189.6"; classtype:trojan-activity; sid:100004784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.234.147.99"; classtype:trojan-activity; sid:100004785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.234.218.42"; classtype:trojan-activity; sid:100004786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.251.143.42"; classtype:trojan-activity; sid:100004787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.33.236.175"; classtype:trojan-activity; sid:100004788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"83.49.228.44"; classtype:trojan-activity; sid:100004789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.1.22.11"; classtype:trojan-activity; sid:100004790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.124.168.112"; classtype:trojan-activity; sid:100004791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.15.171.61"; classtype:trojan-activity; sid:100004792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.194.131.233"; classtype:trojan-activity; sid:100004793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.208.211.177"; classtype:trojan-activity; sid:100004794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.210.216.196"; classtype:trojan-activity; sid:100004795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.210.220.214"; classtype:trojan-activity; sid:100004796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.215.116.45"; classtype:trojan-activity; sid:100004797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.228.112.240"; classtype:trojan-activity; sid:100004798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.228.114.91"; classtype:trojan-activity; sid:100004799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.228.122.123"; classtype:trojan-activity; sid:100004800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.228.50.118"; classtype:trojan-activity; sid:100004801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.228.95.204"; classtype:trojan-activity; sid:100004802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.242.139.134"; classtype:trojan-activity; sid:100004803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.254.39.129"; classtype:trojan-activity; sid:100004804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.33.111.227"; classtype:trojan-activity; sid:100004805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"84.40.127.242"; classtype:trojan-activity; sid:100004806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8402d53c-17e9-4250-8011-20f28f5d404f.certbooster.com"; classtype:trojan-activity; sid:100004807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.105.135.187"; classtype:trojan-activity; sid:100004808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.105.180.228"; classtype:trojan-activity; sid:100004809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.105.192.117"; classtype:trojan-activity; sid:100004810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.105.202.53"; classtype:trojan-activity; sid:100004811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.105.208.25"; classtype:trojan-activity; sid:100004812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.105.8.9"; classtype:trojan-activity; sid:100004813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.105.82.94"; classtype:trojan-activity; sid:100004814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.112.32.172"; classtype:trojan-activity; sid:100004815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.186.151.246"; classtype:trojan-activity; sid:100004816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.237.217.143"; classtype:trojan-activity; sid:100004817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.237.217.144"; classtype:trojan-activity; sid:100004818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.239.33.9"; classtype:trojan-activity; sid:100004819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.247.67.171"; classtype:trojan-activity; sid:100004820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.64.120.250"; classtype:trojan-activity; sid:100004821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.74.86.162"; classtype:trojan-activity; sid:100004822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.97.111.84"; classtype:trojan-activity; sid:100004823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.97.130.227"; classtype:trojan-activity; sid:100004824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.99.110.13"; classtype:trojan-activity; sid:100004825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"85.99.96.36"; classtype:trojan-activity; sid:100004826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"86.12.245.33"; classtype:trojan-activity; sid:100004827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"86.124.66.244"; classtype:trojan-activity; sid:100004828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"86.164.144.168"; classtype:trojan-activity; sid:100004829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"86.35.43.220"; classtype:trojan-activity; sid:100004830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"86.42.151.175"; classtype:trojan-activity; sid:100004831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"86.6.187.44"; classtype:trojan-activity; sid:100004832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"86.98.83.67"; classtype:trojan-activity; sid:100004833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"87.104.121.97"; classtype:trojan-activity; sid:100004834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"87.120.215.98"; classtype:trojan-activity; sid:100004835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"87.27.143.210"; classtype:trojan-activity; sid:100004836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.119.171.253"; classtype:trojan-activity; sid:100004837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.12.54.150"; classtype:trojan-activity; sid:100004838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.2.208.71"; classtype:trojan-activity; sid:100004839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.204.210.194"; classtype:trojan-activity; sid:100004840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.218.227.141"; classtype:trojan-activity; sid:100004841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.233.156.190"; classtype:trojan-activity; sid:100004842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.247.172.6"; classtype:trojan-activity; sid:100004843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.247.195.125"; classtype:trojan-activity; sid:100004844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.248.112.205"; classtype:trojan-activity; sid:100004845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.248.51.139"; classtype:trojan-activity; sid:100004846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.248.99.187"; classtype:trojan-activity; sid:100004847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.250.19.224"; classtype:trojan-activity; sid:100004848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.250.226.26"; classtype:trojan-activity; sid:100004849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.250.240.245"; classtype:trojan-activity; sid:100004850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.250.254.90"; classtype:trojan-activity; sid:100004851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.83.53.164"; classtype:trojan-activity; sid:100004852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"88.99.21.170"; classtype:trojan-activity; sid:100004853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.122.198.237"; classtype:trojan-activity; sid:100004854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.122.96.52"; classtype:trojan-activity; sid:100004855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.152.144.81"; classtype:trojan-activity; sid:100004856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.165.170.54"; classtype:trojan-activity; sid:100004857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.215.188.163"; classtype:trojan-activity; sid:100004858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.237.70.44"; classtype:trojan-activity; sid:100004859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.237.84.19"; classtype:trojan-activity; sid:100004860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.237.85.187"; classtype:trojan-activity; sid:100004861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.248.112.202"; classtype:trojan-activity; sid:100004862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.39.3.12"; classtype:trojan-activity; sid:100004863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.40.85.166"; classtype:trojan-activity; sid:100004864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.40.87.5"; classtype:trojan-activity; sid:100004865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.97.62.134"; classtype:trojan-activity; sid:100004866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89.97.64.171"; classtype:trojan-activity; sid:100004867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8poieq.bn.files.1drv.com"; classtype:trojan-activity; sid:100004868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"90.150.90.231"; classtype:trojan-activity; sid:100004869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"90.22.246.153"; classtype:trojan-activity; sid:100004870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"90.224.214.248"; classtype:trojan-activity; sid:100004871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"90.230.185.61"; classtype:trojan-activity; sid:100004872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"90.63.176.144"; classtype:trojan-activity; sid:100004873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"90.84.224.152"; classtype:trojan-activity; sid:100004874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.122.213.250"; classtype:trojan-activity; sid:100004875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.122.93.156"; classtype:trojan-activity; sid:100004876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.124.114.41"; classtype:trojan-activity; sid:100004877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.124.172.157"; classtype:trojan-activity; sid:100004878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.138.215.5"; classtype:trojan-activity; sid:100004879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.148.182.27"; classtype:trojan-activity; sid:100004880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.187.103.32"; classtype:trojan-activity; sid:100004881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.212.150.241"; classtype:trojan-activity; sid:100004882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.214.124.225"; classtype:trojan-activity; sid:100004883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.215.79.23"; classtype:trojan-activity; sid:100004884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.217.104.185"; classtype:trojan-activity; sid:100004885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.222.140.240"; classtype:trojan-activity; sid:100004886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.226.129.239"; classtype:trojan-activity; sid:100004887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.235.129.172"; classtype:trojan-activity; sid:100004888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.241.19.38"; classtype:trojan-activity; sid:100004889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.244.169.139"; classtype:trojan-activity; sid:100004890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.92.16.244"; classtype:trojan-activity; sid:100004891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.98.248.104"; classtype:trojan-activity; sid:100004892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91.98.251.156"; classtype:trojan-activity; sid:100004893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"91yudao.com"; classtype:trojan-activity; sid:100004894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.101.79.204"; classtype:trojan-activity; sid:100004895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.113.204.140"; classtype:trojan-activity; sid:100004896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.242.54.217"; classtype:trojan-activity; sid:100004897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.54.237.237"; classtype:trojan-activity; sid:100004898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.54.237.72"; classtype:trojan-activity; sid:100004899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.85.32.209"; classtype:trojan-activity; sid:100004900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.145.118.71"; classtype:trojan-activity; sid:100004901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.157.62.185"; classtype:trojan-activity; sid:100004902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.159.141.165"; classtype:trojan-activity; sid:100004903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.171.157.73"; classtype:trojan-activity; sid:100004904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.172.122.236"; classtype:trojan-activity; sid:100004905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.21.224.154"; classtype:trojan-activity; sid:100004906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.39.115.176"; classtype:trojan-activity; sid:100004907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.41.137.16"; classtype:trojan-activity; sid:100004908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.41.182.249"; classtype:trojan-activity; sid:100004909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.41.206.56"; classtype:trojan-activity; sid:100004910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"93.57.43.233"; classtype:trojan-activity; sid:100004911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.137.31.250"; classtype:trojan-activity; sid:100004912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.154.152.248"; classtype:trojan-activity; sid:100004913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.154.152.250"; classtype:trojan-activity; sid:100004914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.154.17.170"; classtype:trojan-activity; sid:100004915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.154.83.4"; classtype:trojan-activity; sid:100004916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.178.233.232"; classtype:trojan-activity; sid:100004917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.200.16.22"; classtype:trojan-activity; sid:100004918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.200.86.70"; classtype:trojan-activity; sid:100004919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.224.83.208"; classtype:trojan-activity; sid:100004920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.226.98.236"; classtype:trojan-activity; sid:100004921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.231.164.10"; classtype:trojan-activity; sid:100004922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.51.100.121"; classtype:trojan-activity; sid:100004923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.53.120.109"; classtype:trojan-activity; sid:100004924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94.72.8.218"; classtype:trojan-activity; sid:100004925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.107.2.143"; classtype:trojan-activity; sid:100004926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.132.207.17"; classtype:trojan-activity; sid:100004927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.132.253.126"; classtype:trojan-activity; sid:100004928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.133.141.184"; classtype:trojan-activity; sid:100004929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.137.248.243"; classtype:trojan-activity; sid:100004930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.154.70.215"; classtype:trojan-activity; sid:100004931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.158.19.130"; classtype:trojan-activity; sid:100004932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.170.113.227"; classtype:trojan-activity; sid:100004933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.170.201.34"; classtype:trojan-activity; sid:100004934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.255.11.243"; classtype:trojan-activity; sid:100004935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.53.5.70"; classtype:trojan-activity; sid:100004936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.60.146.134"; classtype:trojan-activity; sid:100004937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.65.12.229"; classtype:trojan-activity; sid:100004938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"95.68.78.64"; classtype:trojan-activity; sid:100004939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"96.232.132.55"; classtype:trojan-activity; sid:100004940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"96.49.232.42"; classtype:trojan-activity; sid:100004941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"96.56.55.147"; classtype:trojan-activity; sid:100004942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"96.69.95.138"; classtype:trojan-activity; sid:100004943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"96.8.121.112"; classtype:trojan-activity; sid:100004944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"96.9.77.58"; classtype:trojan-activity; sid:100004945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"97.127.175.225"; classtype:trojan-activity; sid:100004946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"97.68.140.254"; classtype:trojan-activity; sid:100004947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"97.96.199.75"; classtype:trojan-activity; sid:100004948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.113.239.207"; classtype:trojan-activity; sid:100004949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.14.30.176"; classtype:trojan-activity; sid:100004950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.157.228.234"; classtype:trojan-activity; sid:100004951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.191.111.116"; classtype:trojan-activity; sid:100004952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.211.165.239"; classtype:trojan-activity; sid:100004953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.231.124.39"; classtype:trojan-activity; sid:100004954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.247.95.152"; classtype:trojan-activity; sid:100004955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98.30.24.54"; classtype:trojan-activity; sid:100004956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"99.150.245.203"; classtype:trojan-activity; sid:100004957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"99.2.117.58"; classtype:trojan-activity; sid:100004958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"99.26.72.169"; classtype:trojan-activity; sid:100004959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"99.33.195.164"; classtype:trojan-activity; sid:100004960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"99.74.63.103"; classtype:trojan-activity; sid:100004961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"99.8.30.116"; classtype:trojan-activity; sid:100004962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a3ium.davaohorizon.com"; classtype:trojan-activity; sid:100004963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aaidesign.org"; classtype:trojan-activity; sid:100004964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aaiiga.db.files.1drv.com"; classtype:trojan-activity; sid:100004965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aarogya-seva.com"; classtype:trojan-activity; sid:100004966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aarsaindustries.com"; classtype:trojan-activity; sid:100004967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aayushivfraipur.com"; classtype:trojan-activity; sid:100004968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abissnet.net"; classtype:trojan-activity; sid:100004969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abloni.co"; classtype:trojan-activity; sid:100004970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abmaxdigital.com"; classtype:trojan-activity; sid:100004971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aboveandbelow.com.au"; classtype:trojan-activity; sid:100004972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abyssos.eu"; classtype:trojan-activity; sid:100004973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"academyoflifecoach.com"; classtype:trojan-activity; sid:100004974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"acellr.co.uk"; classtype:trojan-activity; sid:100004975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"activecost.com.au"; classtype:trojan-activity; sid:100004976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"activenergy.com.au"; classtype:trojan-activity; sid:100004977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aditycursos.cl"; classtype:trojan-activity; sid:100004978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adl-asia.com"; classtype:trojan-activity; sid:100004979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"admin.gentbcn.org"; classtype:trojan-activity; sid:100004980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"advancerecordsinternational.com"; classtype:trojan-activity; sid:100004981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aerociel.net"; classtype:trojan-activity; sid:100004982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"afhaenterprises.com"; classtype:trojan-activity; sid:100004983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"afnan-amc.com"; classtype:trojan-activity; sid:100004984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"afrimedspecialist.com"; classtype:trojan-activity; sid:100004985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agarwal-associates.in"; classtype:trojan-activity; sid:100004986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agemn.co.za"; classtype:trojan-activity; sid:100004987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ah.btp-inc.ca"; classtype:trojan-activity; sid:100004988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aiecons.com"; classtype:trojan-activity; sid:100004989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"akdvidyalaya.com"; classtype:trojan-activity; sid:100004990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aladainexpress.com"; classtype:trojan-activity; sid:100004991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alberts.diamondrelationscrm.us"; classtype:trojan-activity; sid:100004992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alcanteladorocha.com"; classtype:trojan-activity; sid:100004993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aldahwiprivatehospital.com"; classtype:trojan-activity; sid:100004994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alemelektronik.com"; classtype:trojan-activity; sid:100004995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alena1971.es"; classtype:trojan-activity; sid:100004996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alexdubai.com.aldiabsteel.com"; classtype:trojan-activity; sid:100004997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allhomesrealestate.com.au"; classtype:trojan-activity; sid:100004998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alraischools.net"; classtype:trojan-activity; sid:100004999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alteadekori.hr"; classtype:trojan-activity; sid:100005000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amarteargentina.com.ar"; classtype:trojan-activity; sid:100005001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amumufree.weebly.com"; classtype:trojan-activity; sid:100005002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"andreaskisauer.com"; classtype:trojan-activity; sid:100005003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"andres.ug"; classtype:trojan-activity; sid:100005004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"angelsdetour.com"; classtype:trojan-activity; sid:100005005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apartamentoscitta.com"; classtype:trojan-activity; sid:100005006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apdup.com"; classtype:trojan-activity; sid:100005007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.cstdevs.com"; classtype:trojan-activity; sid:100005008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.huokejinglingvip.com"; classtype:trojan-activity; sid:100005009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.masjidy.world"; classtype:trojan-activity; sid:100005010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apoolcondo.com"; classtype:trojan-activity; sid:100005011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apps.saintsoporte.com"; classtype:trojan-activity; sid:100005012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arabianescapes.com"; classtype:trojan-activity; sid:100005013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arabuap.com"; classtype:trojan-activity; sid:100005014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"araplay.net"; classtype:trojan-activity; sid:100005015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arianarif.xyz"; classtype:trojan-activity; sid:100005016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aromatherapy.a1oilindia.in"; classtype:trojan-activity; sid:100005017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arostetelemacca.com"; classtype:trojan-activity; sid:100005018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arrkcelebrations.com"; classtype:trojan-activity; sid:100005019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ask-regard.call-save.biz"; classtype:trojan-activity; sid:100005020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asterchile.cl"; classtype:trojan-activity; sid:100005021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"astrologerparveenbharti.in"; classtype:trojan-activity; sid:100005022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asu.com.vn"; classtype:trojan-activity; sid:100005023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atpm.in"; classtype:trojan-activity; sid:100005024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atteuqpotentialunlimited.com"; classtype:trojan-activity; sid:100005025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aulaintelimundo.com"; classtype:trojan-activity; sid:100005026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aulist.com"; classtype:trojan-activity; sid:100005027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aulmaster.com"; classtype:trojan-activity; sid:100005028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aumfinance.com"; classtype:trojan-activity; sid:100005029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autofficinaguerreri.it"; classtype:trojan-activity; sid:100005030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autoq.in"; classtype:trojan-activity; sid:100005031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"avadhanagames.com"; classtype:trojan-activity; sid:100005032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"avira.ydns.eu"; classtype:trojan-activity; sid:100005033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"avtoremprof.ru"; classtype:trojan-activity; sid:100005034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"avtostekla-seme.si"; classtype:trojan-activity; sid:100005035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axiominfotech.com"; classtype:trojan-activity; sid:100005036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aydgroup.github.io"; classtype:trojan-activity; sid:100005037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aygunlerdemirfiber.com"; classtype:trojan-activity; sid:100005038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azdistribuidora.com"; classtype:trojan-activity; sid:100005039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azerbaijan-tourism.com"; classtype:trojan-activity; sid:100005040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azmeasurement.com"; classtype:trojan-activity; sid:100005041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azraktours.com"; classtype:trojan-activity; sid:100005042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aztek2.github.io"; classtype:trojan-activity; sid:100005043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"backgrounds.pk"; classtype:trojan-activity; sid:100005044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"badeggdesign.com"; classtype:trojan-activity; sid:100005045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"balbinop.github.io"; classtype:trojan-activity; sid:100005046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ballatstone.com"; classtype:trojan-activity; sid:100005047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bangkok-orchids.com"; classtype:trojan-activity; sid:100005048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bank.zanderscloud.com.ng"; classtype:trojan-activity; sid:100005049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bbia.co.uk"; classtype:trojan-activity; sid:100005050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bearcatpumps.com.cn"; classtype:trojan-activity; sid:100005051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beem.id"; classtype:trojan-activity; sid:100005052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"belgross.github.io"; classtype:trojan-activity; sid:100005053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bengong.id"; classtype:trojan-activity; sid:100005054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bespokeweddings.ie"; classtype:trojan-activity; sid:100005055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bet-club.co"; classtype:trojan-activity; sid:100005056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bewidog.cz"; classtype:trojan-activity; sid:100005057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bharattimeslive.com"; classtype:trojan-activity; sid:100005058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhasingroup.com"; classtype:trojan-activity; sid:100005059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhubaneswarfresh.in"; classtype:trojan-activity; sid:100005060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bigmikesupplies.co.za"; classtype:trojan-activity; sid:100005061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"billing.rahitechnosoft.com"; classtype:trojan-activity; sid:100005062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitmex-trade.com"; classtype:trojan-activity; sid:100005063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bito.com.pk"; classtype:trojan-activity; sid:100005064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitstorebolivia.com"; classtype:trojan-activity; sid:100005065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"black-beauty-accessories.com"; classtype:trojan-activity; sid:100005066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blackflagfishingcharter.com"; classtype:trojan-activity; sid:100005067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blackflagfishingcharters.com"; classtype:trojan-activity; sid:100005068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blanche.gr"; classtype:trojan-activity; sid:100005069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.bidvacationrental.com"; classtype:trojan-activity; sid:100005070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluemattersfishing.com"; classtype:trojan-activity; sid:100005071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bodiesofsteele.com"; classtype:trojan-activity; sid:100005072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bojwfi01.top"; classtype:trojan-activity; sid:100005073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bouhertmaoutdoors.tn"; classtype:trojan-activity; sid:100005074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bowsandbats.com"; classtype:trojan-activity; sid:100005075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bpbj.id"; classtype:trojan-activity; sid:100005076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"braindness.com"; classtype:trojan-activity; sid:100005077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"breakingbread.modelacademy.co.in"; classtype:trojan-activity; sid:100005078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"briar.com.my"; classtype:trojan-activity; sid:100005079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brickwholesaler.com"; classtype:trojan-activity; sid:100005080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightmega.com"; classtype:trojan-activity; sid:100005081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightstarshop.com"; classtype:trojan-activity; sid:100005082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brillezusatzversicherung.de"; classtype:trojan-activity; sid:100005083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bucecivini.it"; classtype:trojan-activity; sid:100005084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"build87471.github.io"; classtype:trojan-activity; sid:100005085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bullseyemedia.in"; classtype:trojan-activity; sid:100005086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bunge.skybitvest.com"; classtype:trojan-activity; sid:100005087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"burangrang.com"; classtype:trojan-activity; sid:100005088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"buruujtech.com"; classtype:trojan-activity; sid:100005089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"buscascolegios.diit.cl"; classtype:trojan-activity; sid:100005090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.oooooooooo.ga"; classtype:trojan-activity; sid:100005091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caballo.com.au"; classtype:trojan-activity; sid:100005092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"callgirlsandescortkenya.site"; classtype:trojan-activity; sid:100005093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"camminachetipassa.it"; classtype:trojan-activity; sid:100005094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"campaign.ezelo.com.bd"; classtype:trojan-activity; sid:100005095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cancer.educandome.co"; classtype:trojan-activity; sid:100005096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"catharastrologysoftware.com"; classtype:trojan-activity; sid:100005097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cbn.hypervoizd.com"; classtype:trojan-activity; sid:100005098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdaonline.com.ar"; classtype:trojan-activity; sid:100005099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdn-10049480.file.myqcloud.com"; classtype:trojan-activity; sid:100005100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdn.doxbin.org"; classtype:trojan-activity; sid:100005101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdn.sql.gg"; classtype:trojan-activity; sid:100005102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cellas.sk"; classtype:trojan-activity; sid:100005103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cendekiabinaaksara.com"; classtype:trojan-activity; sid:100005104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"certification.jacsai.org"; classtype:trojan-activity; sid:100005105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cetprovilladelnorte.com"; classtype:trojan-activity; sid:100005106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cfmkrs.com"; classtype:trojan-activity; sid:100005107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cfs10.blog.daum.net"; classtype:trojan-activity; sid:100005108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cfs13.tistory.com"; classtype:trojan-activity; sid:100005109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cfs5.tistory.com"; classtype:trojan-activity; sid:100005110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cfs7.blog.daum.net"; classtype:trojan-activity; sid:100005111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cfs9.blog.daum.net"; classtype:trojan-activity; sid:100005112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cgc.qroo.cloud"; classtype:trojan-activity; sid:100005113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"championsofinfra.com"; classtype:trojan-activity; sid:100005114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chezalice.co.za"; classtype:trojan-activity; sid:100005115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"childselect.com"; classtype:trojan-activity; sid:100005116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chouchouweb.publicvm.com"; classtype:trojan-activity; sid:100005117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chromodoris.s3.amazonaws.com"; classtype:trojan-activity; sid:100005118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chuckswey.chickenkiller.com"; classtype:trojan-activity; sid:100005119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cifeer.net"; classtype:trojan-activity; sid:100005120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ciidental.com.ec"; classtype:trojan-activity; sid:100005121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"citihits.lk"; classtype:trojan-activity; sid:100005122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cityroad.pe"; classtype:trojan-activity; sid:100005123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"classic4545.github.io"; classtype:trojan-activity; sid:100005124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clearlancer.com"; classtype:trojan-activity; sid:100005125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clientsmanagementsystem.com"; classtype:trojan-activity; sid:100005126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloud.fc.co.mz"; classtype:trojan-activity; sid:100005127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clubliko.com"; classtype:trojan-activity; sid:100005128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cm-arquitetos.com"; classtype:trojan-activity; sid:100005129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cobhamplasteringservices.co.uk"; classtype:trojan-activity; sid:100005130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"colinde.pricesne.com"; classtype:trojan-activity; sid:100005131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"community.reimclub.com"; classtype:trojan-activity; sid:100005132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connect.rio.br"; classtype:trojan-activity; sid:100005133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consorciorimpa.com"; classtype:trojan-activity; sid:100005134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"copelandscapes.com"; classtype:trojan-activity; sid:100005135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"count.mail.163.com.impactmedfoundation.com"; classtype:trojan-activity; sid:100005136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"courtneyjones.ac.ug"; classtype:trojan-activity; sid:100005137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"covertekceramica.com"; classtype:trojan-activity; sid:100005138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"covid19.cyberschool.or.id"; classtype:trojan-activity; sid:100005139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cp-saofacundo.pt"; classtype:trojan-activity; sid:100005140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cpanel.shivay.net"; classtype:trojan-activity; sid:100005141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"craiglindstrom.com"; classtype:trojan-activity; sid:100005142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crearechile.cl"; classtype:trojan-activity; sid:100005143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creationskateboards.com"; classtype:trojan-activity; sid:100005144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crecerco.com"; classtype:trojan-activity; sid:100005145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditboosterny.com"; classtype:trojan-activity; sid:100005146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cresvin.com"; classtype:trojan-activity; sid:100005147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cricket.theglobalindia.net"; classtype:trojan-activity; sid:100005148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crittersbythebay.com"; classtype:trojan-activity; sid:100005149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crmfarko.manivelasst.com"; classtype:trojan-activity; sid:100005150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crmroche.manivelasst.com"; classtype:trojan-activity; sid:100005151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cropupcreatives.com"; classtype:trojan-activity; sid:100005152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crypto-rich.craigihdeconstruction.com"; classtype:trojan-activity; sid:100005153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cumbreinterventores.com"; classtype:trojan-activity; sid:100005154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cursoinvertirenlabolsadevalores.com"; classtype:trojan-activity; sid:100005155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cutting-tools.in"; classtype:trojan-activity; sid:100005156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cynkon.kairoscs.net"; classtype:trojan-activity; sid:100005157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cyrusimportsexports.com"; classtype:trojan-activity; sid:100005158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"czsl.91756.cn"; classtype:trojan-activity; sid:100005159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d1.udashi.com"; classtype:trojan-activity; sid:100005160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dacui.online"; classtype:trojan-activity; sid:100005161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"damanins.com"; classtype:trojan-activity; sid:100005162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"danaevara.com"; classtype:trojan-activity; sid:100005163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"daohang1.oss-cn-beijing.aliyuncs.com"; classtype:trojan-activity; sid:100005164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dashboard.khholdings.co.za"; classtype:trojan-activity; sid:100005165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"data.cdevelop.org"; classtype:trojan-activity; sid:100005166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"data.green-iraq.com"; classtype:trojan-activity; sid:100005167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"data.over-blog-kiwi.com"; classtype:trojan-activity; sid:100005168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"datapolish.com"; classtype:trojan-activity; sid:100005169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dating.khokhas.co.za"; classtype:trojan-activity; sid:100005170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"davidmcguinness.info"; classtype:trojan-activity; sid:100005171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"db.alcagroup.ph"; classtype:trojan-activity; sid:100005172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dc708.4sync.com"; classtype:trojan-activity; sid:100005173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ddl8.data.hu"; classtype:trojan-activity; sid:100005174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dedeorman.github.io"; classtype:trojan-activity; sid:100005175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deerhomes.com"; classtype:trojan-activity; sid:100005176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dekovizyon.com"; classtype:trojan-activity; sid:100005177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dellhummock.com"; classtype:trojan-activity; sid:100005178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demirhotel.github.io"; classtype:trojan-activity; sid:100005179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demo.energianmittaus.fi"; classtype:trojan-activity; sid:100005180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demo.g-mart.in"; classtype:trojan-activity; sid:100005181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dental.xiaoxiao.media"; classtype:trojan-activity; sid:100005182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"designerliving.co.za"; classtype:trojan-activity; sid:100005183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev.crystalclearvapestore.co.uk"; classtype:trojan-activity; sid:100005184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev.sebpo.net"; classtype:trojan-activity; sid:100005185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev.watch-store.eu"; classtype:trojan-activity; sid:100005186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"developserver.xyz"; classtype:trojan-activity; sid:100005187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dezcom.com"; classtype:trojan-activity; sid:100005188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dfcf.91756.cn"; classtype:trojan-activity; sid:100005189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dharmgroup.com"; classtype:trojan-activity; sid:100005190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dhonr.com"; classtype:trojan-activity; sid:100005191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diags.vet"; classtype:trojan-activity; sid:100005192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diflex.ge"; classtype:trojan-activity; sid:100005193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"digitalmeritmedia.com"; classtype:trojan-activity; sid:100005194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"digitalsolutionsbs.com"; classtype:trojan-activity; sid:100005195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"digopharma.com"; classtype:trojan-activity; sid:100005196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"disinfectiontunnel.emergemetal.com"; classtype:trojan-activity; sid:100005197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dixtlan.com"; classtype:trojan-activity; sid:100005198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"djking.f3322.net"; classtype:trojan-activity; sid:100005199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"djtransport.ch"; classtype:trojan-activity; sid:100005200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.1003b.56a.com"; classtype:trojan-activity; sid:100005201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.198424.com"; classtype:trojan-activity; sid:100005202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.9xu.com"; classtype:trojan-activity; sid:100005203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.installcdn-aws.com"; classtype:trojan-activity; sid:100005204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.packetstormsecurity.net"; classtype:trojan-activity; sid:100005205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.pandasecur.com"; classtype:trojan-activity; sid:100005206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.rina-roleplay.com"; classtype:trojan-activity; sid:100005207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dmequest.com"; classtype:trojan-activity; sid:100005208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docs.twincitytraveltourism.com"; classtype:trojan-activity; sid:100005209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doggydoc.mooo.com"; classtype:trojan-activity; sid:100005210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doggyrar.mooo.com"; classtype:trojan-activity; sid:100005211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dom.daf.free.fr"; classtype:trojan-activity; sid:100005212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doncedyhall.com"; classtype:trojan-activity; sid:100005213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dongnaitw.com"; classtype:trojan-activity; sid:100005214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dormcorp.viosoria-das.ml"; classtype:trojan-activity; sid:100005215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dosman.pl"; classtype:trojan-activity; sid:100005216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"down.pcclear.com"; classtype:trojan-activity; sid:100005217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"down.rxgif.cn"; classtype:trojan-activity; sid:100005218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"down.udashi.com"; classtype:trojan-activity; sid:100005219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"down.webbora.com"; classtype:trojan-activity; sid:100005220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"down1.arpun.com"; classtype:trojan-activity; sid:100005221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"download.5866.com"; classtype:trojan-activity; sid:100005222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"download.c3pool.com"; classtype:trojan-activity; sid:100005223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"download.caihong.com"; classtype:trojan-activity; sid:100005224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"download.pdf00.cn"; classtype:trojan-activity; sid:100005225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"download.rising.com.cn"; classtype:trojan-activity; sid:100005226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"download.skycn.com"; classtype:trojan-activity; sid:100005227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"downloadpc.co"; classtype:trojan-activity; sid:100005228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpkidsfurniture.pk"; classtype:trojan-activity; sid:100005229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dragonsknot.com"; classtype:trojan-activity; sid:100005230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dreamwatchevent.com"; classtype:trojan-activity; sid:100005231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"drsha.innovativesolutions.mobi"; classtype:trojan-activity; sid:100005232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dsenterprize.co.za"; classtype:trojan-activity; sid:100005233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"du-wizards.com"; classtype:trojan-activity; sid:100005234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dutapp.wisolve.co.za"; classtype:trojan-activity; sid:100005235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dx.qqyewu.com"; classtype:trojan-activity; sid:100005236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dypage.duckdns.org"; classtype:trojan-activity; sid:100005237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dywork.duckdns.org"; classtype:trojan-activity; sid:100005238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dz.qd388.cn"; classtype:trojan-activity; sid:100005239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e-commerce.saleensuporte.com.br"; classtype:trojan-activity; sid:100005240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e-weddingcardswala.in"; classtype:trojan-activity; sid:100005241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eagleyk.com"; classtype:trojan-activity; sid:100005242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easecloud.com.br"; classtype:trojan-activity; sid:100005243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easybrand.vn"; classtype:trojan-activity; sid:100005244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easystreetinfra.com"; classtype:trojan-activity; sid:100005245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easyviettravel.vn"; classtype:trojan-activity; sid:100005246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ec2-52-47-191-173.eu-west-3.compute.amazonaws.com"; classtype:trojan-activity; sid:100005247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"econsciente.pe"; classtype:trojan-activity; sid:100005248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecp-egy.com"; classtype:trojan-activity; sid:100005249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"edjagian.com"; classtype:trojan-activity; sid:100005250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"edu.pmvanini.rs.gov.br"; classtype:trojan-activity; sid:100005251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eduniversia.org"; classtype:trojan-activity; sid:100005252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ef-web.com"; classtype:trojan-activity; sid:100005253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efficientegroup.com"; classtype:trojan-activity; sid:100005254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"egalaspot.com"; classtype:trojan-activity; sid:100005255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"egpc-sn.com"; classtype:trojan-activity; sid:100005256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eidoss.mx"; classtype:trojan-activity; sid:100005257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elbauldenora.com"; classtype:trojan-activity; sid:100005258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elitetrade.uk"; classtype:trojan-activity; sid:100005259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpescadorcelmar.com"; classtype:trojan-activity; sid:100005260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elsahelgroup.com"; classtype:trojan-activity; sid:100005261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elshadaischool.co.za"; classtype:trojan-activity; sid:100005262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emegablog.com"; classtype:trojan-activity; sid:100005263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emprendefestchile.cl"; classtype:trojan-activity; sid:100005264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"empyrealsolar.in"; classtype:trojan-activity; sid:100005265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"en.baoend.com"; classtype:trojan-activity; sid:100005266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"endurotanzania.co.tz"; classtype:trojan-activity; sid:100005267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"energy.rw"; classtype:trojan-activity; sid:100005268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enlazamultimedios.com"; classtype:trojan-activity; sid:100005269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enprrollos.ydns.eu"; classtype:trojan-activity; sid:100005270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ergotherapeia-kalamata.gr"; classtype:trojan-activity; sid:100005271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esetnode32-antiviru.ydns.eu"; classtype:trojan-activity; sid:100005272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esportesht.com.br"; classtype:trojan-activity; sid:100005273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"estiloymadera.com.py"; classtype:trojan-activity; sid:100005274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evirtuales.com"; classtype:trojan-activity; sid:100005275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evvcrisisfund.com"; classtype:trojan-activity; sid:100005276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exilum.com"; classtype:trojan-activity; sid:100005277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exploringpakistan.pk"; classtype:trojan-activity; sid:100005278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fabritonescontract.com"; classtype:trojan-activity; sid:100005279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fam-int.com"; classtype:trojan-activity; sid:100005280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"familydentist.site"; classtype:trojan-activity; sid:100005281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"faveraprojects.com"; classtype:trojan-activity; sid:100005282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fbg.ge"; classtype:trojan-activity; sid:100005283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fbi.fund"; classtype:trojan-activity; sid:100005284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ferispnp.com"; classtype:trojan-activity; sid:100005285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fidelitygulf.com"; classtype:trojan-activity; sid:100005286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"figureupgym.com"; classtype:trojan-activity; sid:100005287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"file.elecfans.com"; classtype:trojan-activity; sid:100005288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"files5.uludagbilisim.com"; classtype:trojan-activity; sid:100005289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"files6.uludagbilisim.com"; classtype:trojan-activity; sid:100005290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fite-eg.com"; classtype:trojan-activity; sid:100005291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitzfishponds.com"; classtype:trojan-activity; sid:100005292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fixauto.illumetechnology.com"; classtype:trojan-activity; sid:100005293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flashmed-sy.com"; classtype:trojan-activity; sid:100005294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flatsandvillas.in"; classtype:trojan-activity; sid:100005295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flightdeckfinancials.com"; classtype:trojan-activity; sid:100005296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"floralwaters.a1oilindia.in"; classtype:trojan-activity; sid:100005297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flyingbuddhadesign.com"; classtype:trojan-activity; sid:100005298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foodinfo.az"; classtype:trojan-activity; sid:100005299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fotoobjetivo.com"; classtype:trojan-activity; sid:100005300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foundationrepairhoustontx.net"; classtype:trojan-activity; sid:100005301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fountoflife.net"; classtype:trojan-activity; sid:100005302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foxeps.com.br"; classtype:trojan-activity; sid:100005303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freecnetdownload.com"; classtype:trojan-activity; sid:100005304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freisites.com.br"; classtype:trojan-activity; sid:100005305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fullelectronica.com.ar"; classtype:trojan-activity; sid:100005306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funletters.net"; classtype:trojan-activity; sid:100005307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"futbolpr.com"; classtype:trojan-activity; sid:100005308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"future-scope.net"; classtype:trojan-activity; sid:100005309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fxcron.com"; classtype:trojan-activity; sid:100005310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"g.popmonster.ru"; classtype:trojan-activity; sid:100005311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"g24ads.com"; classtype:trojan-activity; sid:100005312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gardenpulp.com"; classtype:trojan-activity; sid:100005313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"garibaldidal1970.com"; classtype:trojan-activity; sid:100005314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gautamconstruction.com"; classtype:trojan-activity; sid:100005315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gclub.money"; classtype:trojan-activity; sid:100005316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gelleta.com"; classtype:trojan-activity; sid:100005317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"generacciondigital.org"; classtype:trojan-activity; sid:100005318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"geomatich.it"; classtype:trojan-activity; sid:100005319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gfmodd1.webselffiles01.com"; classtype:trojan-activity; sid:100005320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gfold1.webselffiles01.com"; classtype:trojan-activity; sid:100005321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gippslandopenair.com"; classtype:trojan-activity; sid:100005322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"globalwidesafaris.com"; classtype:trojan-activity; sid:100005323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gloryeta.cl"; classtype:trojan-activity; sid:100005324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gmvadmission.org"; classtype:trojan-activity; sid:100005325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"godzuwaglobalventures.com"; classtype:trojan-activity; sid:100005326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goldcake.co.id"; classtype:trojan-activity; sid:100005327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goldenasiacapital.com"; classtype:trojan-activity; sid:100005328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greencodeteam.top"; classtype:trojan-activity; sid:100005329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greenpayindia.com"; classtype:trojan-activity; sid:100005330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grenier24.com"; classtype:trojan-activity; sid:100005331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gruzof.by"; classtype:trojan-activity; sid:100005332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gs.monerorx.com"; classtype:trojan-activity; sid:100005333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"guillermomanrique.com.mx"; classtype:trojan-activity; sid:100005334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gurdwaraaid.com"; classtype:trojan-activity; sid:100005335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gwcrresearch.org"; classtype:trojan-activity; sid:100005336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gwfindia.in"; classtype:trojan-activity; sid:100005337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gypsysanddunes.com"; classtype:trojan-activity; sid:100005338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"habbotips.free.fr"; classtype:trojan-activity; sid:100005339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hagebakken.no"; classtype:trojan-activity; sid:100005340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hangonwheels.com"; classtype:trojan-activity; sid:100005341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hangzhoufreck.com"; classtype:trojan-activity; sid:100005342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hartcontractorsltd.com"; classtype:trojan-activity; sid:100005343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hchfug.org"; classtype:trojan-activity; sid:100005344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hdkamera2003.hu"; classtype:trojan-activity; sid:100005345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hdpornos.online"; classtype:trojan-activity; sid:100005346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hexiros.com"; classtype:trojan-activity; sid:100005347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heyyou6013.lowjunnhoi.repl.co"; classtype:trojan-activity; sid:100005348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hhaward.org"; classtype:trojan-activity; sid:100005349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"highlandslasvegas.atakdev.com"; classtype:trojan-activity; sid:100005350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hindisaathi.in"; classtype:trojan-activity; sid:100005351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hirimmigration.com"; classtype:trojan-activity; sid:100005352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"historiasdelfifa.com"; classtype:trojan-activity; sid:100005353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hitadolawfirm.com"; classtype:trojan-activity; sid:100005354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hitstation.nl"; classtype:trojan-activity; sid:100005355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hmpmall.co.kr"; classtype:trojan-activity; sid:100005356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hoayeuthuong-my.sharepoint.com"; classtype:trojan-activity; sid:100005357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"holycakes.biz"; classtype:trojan-activity; sid:100005358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hondanepal.com"; classtype:trojan-activity; sid:100005359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hongluosi.com"; classtype:trojan-activity; sid:100005360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"horizon-360.fr"; classtype:trojan-activity; sid:100005361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hospital.fecom.in"; classtype:trojan-activity; sid:100005362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hostingparacolombia.com"; classtype:trojan-activity; sid:100005363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hotelhadieh.ir"; classtype:trojan-activity; sid:100005364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hovitrans.in"; classtype:trojan-activity; sid:100005365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"howimetyourdata.com"; classtype:trojan-activity; sid:100005366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hr2019.vrcom7.com"; classtype:trojan-activity; sid:100005367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hrezim.tk"; classtype:trojan-activity; sid:100005368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hsecaravans.co.uk"; classtype:trojan-activity; sid:100005369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hseda.com"; classtype:trojan-activity; sid:100005370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"htownbars.com"; classtype:trojan-activity; sid:100005371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huancaraylla.com"; classtype:trojan-activity; sid:100005372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"humanresourceslifeline.com"; classtype:trojan-activity; sid:100005373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hunggiang.vn"; classtype:trojan-activity; sid:100005374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hutyrtit.ydns.eu"; classtype:trojan-activity; sid:100005375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hwg.jelikob.ru"; classtype:trojan-activity; sid:100005376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypejamz.com"; classtype:trojan-activity; sid:100005377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ibsdl.de"; classtype:trojan-activity; sid:100005378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"icloud.corporaciongrl.com"; classtype:trojan-activity; sid:100005379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idilsoft.com"; classtype:trojan-activity; sid:100005380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idj.no"; classtype:trojan-activity; sid:100005381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iforyou.ge"; classtype:trojan-activity; sid:100005382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ihome.pk"; classtype:trojan-activity; sid:100005383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iimsmind.com"; classtype:trojan-activity; sid:100005384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikorgs.github.io"; classtype:trojan-activity; sid:100005385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"images.jermiau.com"; classtype:trojan-activity; sid:100005386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imbueautoworx.co.za"; classtype:trojan-activity; sid:100005387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"immci.net"; classtype:trojan-activity; sid:100005388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"impactmarketingservice.in"; classtype:trojan-activity; sid:100005389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblepixels.com"; classtype:trojan-activity; sid:100005390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incredicole.com"; classtype:trojan-activity; sid:100005391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"indonesias.me"; classtype:trojan-activity; sid:100005392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"indrasbikaner.com"; classtype:trojan-activity; sid:100005393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infovator.com"; classtype:trojan-activity; sid:100005394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ingequip.pe"; classtype:trojan-activity; sid:100005395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"innosolv-idine.com"; classtype:trojan-activity; sid:100005396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"interlinkmulticoncept.com"; classtype:trojan-activity; sid:100005397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"interpolar.in"; classtype:trojan-activity; sid:100005398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intersel-idf.org"; classtype:trojan-activity; sid:100005399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"interviewsetup.com"; classtype:trojan-activity; sid:100005400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"invoice.99p.ru"; classtype:trojan-activity; sid:100005401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ioffice168.com"; classtype:trojan-activity; sid:100005402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iqwasithealth.com"; classtype:trojan-activity; sid:100005403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ircomm.s3.ap-south-1.amazonaws.com"; classtype:trojan-activity; sid:100005404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"irelanddurgotsab.ie"; classtype:trojan-activity; sid:100005405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironwillgroup.com"; classtype:trojan-activity; sid:100005406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isaac.mikhailmotoringschool.com"; classtype:trojan-activity; sid:100005407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isatechnology.com"; classtype:trojan-activity; sid:100005408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iscfcouncil.org"; classtype:trojan-activity; sid:100005409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"itc-demo.softgig.co.ke"; classtype:trojan-activity; sid:100005410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"itrcchennai.com"; classtype:trojan-activity; sid:100005411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"itsjapps.com"; classtype:trojan-activity; sid:100005412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"izeltelekom.com"; classtype:trojan-activity; sid:100005413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jaguapita.site"; classtype:trojan-activity; sid:100005414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jaimyworld.duckdns.org"; classtype:trojan-activity; sid:100005415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jakaridevelopers.com"; classtype:trojan-activity; sid:100005416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jamshed.pk"; classtype:trojan-activity; sid:100005417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jardinaix.fr"; classtype:trojan-activity; sid:100005418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"java.waterflowergarden.com"; classtype:trojan-activity; sid:100005419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jawdafood.com"; classtype:trojan-activity; sid:100005420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jay.diamondrelationscrm.us"; classtype:trojan-activity; sid:100005421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jayowebdesignmelbourne.com"; classtype:trojan-activity; sid:100005422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jcedu.org"; classtype:trojan-activity; sid:100005423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jdkems.com"; classtype:trojan-activity; sid:100005424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jedarsteel.ae"; classtype:trojan-activity; sid:100005425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jeffdahlke.com"; classtype:trojan-activity; sid:100005426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jelikob.ru"; classtype:trojan-activity; sid:100005427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jennwolfemtb.com"; classtype:trojan-activity; sid:100005428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jfzlp.com"; classtype:trojan-activity; sid:100005429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhayesconsulting.com"; classtype:trojan-activity; sid:100005430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jiaoyuzixun.cn"; classtype:trojan-activity; sid:100005431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jnanbharati.com"; classtype:trojan-activity; sid:100005432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jornadadolancamento.com"; classtype:trojan-activity; sid:100005433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"josefinamagasich.cl"; classtype:trojan-activity; sid:100005434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joshuaganss.com"; classtype:trojan-activity; sid:100005435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jossyemb-produc.com"; classtype:trojan-activity; sid:100005436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jpcleaningservices2.davaohorizon.com"; classtype:trojan-activity; sid:100005437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jqueri-web.at"; classtype:trojan-activity; sid:100005438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"justinscott.com.au"; classtype:trojan-activity; sid:100005439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jutify.com"; classtype:trojan-activity; sid:100005440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jyk85mxc.z1001.net"; classtype:trojan-activity; sid:100005441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kalogirosfinance.com"; classtype:trojan-activity; sid:100005442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kamayan.co"; classtype:trojan-activity; sid:100005443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kamikirim.id"; classtype:trojan-activity; sid:100005444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"karer.by"; classtype:trojan-activity; sid:100005445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"karmakoincodes.weebly.com"; classtype:trojan-activity; sid:100005446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"katanvetov.co.il"; classtype:trojan-activity; sid:100005447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kavaleto.gr"; classtype:trojan-activity; sid:100005448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kelbro.xyz"; classtype:trojan-activity; sid:100005449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kensingtondriving.com"; classtype:trojan-activity; sid:100005450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keralachendamelam.in"; classtype:trojan-activity; sid:100005451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kf.carthage2s.com"; classtype:trojan-activity; sid:100005452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kgswitchgear.com"; classtype:trojan-activity; sid:100005453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"khadimsultanulfaqr.com"; classtype:trojan-activity; sid:100005454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kidsangelcards.com"; classtype:trojan-activity; sid:100005455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kidswithagency.com"; classtype:trojan-activity; sid:100005456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kimyen.net"; classtype:trojan-activity; sid:100005457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kjcpromo.com"; classtype:trojan-activity; sid:100005458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"km.popmonster.ru"; classtype:trojan-activity; sid:100005459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"korrectconceptservices.com"; classtype:trojan-activity; sid:100005460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kqyedu.ca"; classtype:trojan-activity; sid:100005461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"krainikovvlad.eternalhost.info"; classtype:trojan-activity; sid:100005462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"krisbadminton.com"; classtype:trojan-activity; sid:100005463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ks.cn"; classtype:trojan-activity; sid:100005464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ktechnetwork.com"; classtype:trojan-activity; sid:100005465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kuh.life"; classtype:trojan-activity; sid:100005466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kutegiagoc.com"; classtype:trojan-activity; sid:100005467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lagosnipr.com"; classtype:trojan-activity; sid:100005468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"landhouse.uz"; classtype:trojan-activity; sid:100005469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"landing.yetiapp.ec"; classtype:trojan-activity; sid:100005470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lasermobilesounds.co.uk"; classtype:trojan-activity; sid:100005471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latinaked.club"; classtype:trojan-activity; sid:100005472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lauratomismith.com"; classtype:trojan-activity; sid:100005473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lauratornay.com"; classtype:trojan-activity; sid:100005474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lawyerswatchforjustice.com"; classtype:trojan-activity; sid:100005475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lceventos.net"; classtype:trojan-activity; sid:100005476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ld.mediaget.com"; classtype:trojan-activity; sid:100005477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ldgcorp.com"; classtype:trojan-activity; sid:100005478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leadpak.in"; classtype:trojan-activity; sid:100005479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leak.serveftp.com"; classtype:trojan-activity; sid:100005480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leasiacherise.com"; classtype:trojan-activity; sid:100005481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leavemylinkpls.mooo.com"; classtype:trojan-activity; sid:100005482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lefteriskkokkiskikinew.ydns.eu"; classtype:trojan-activity; sid:100005483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legacytrending.com"; classtype:trojan-activity; sid:100005484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legend.nu"; classtype:trojan-activity; sid:100005485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legitwap.com"; classtype:trojan-activity; sid:100005486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leodez.uz"; classtype:trojan-activity; sid:100005487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lespagt.com"; classtype:trojan-activity; sid:100005488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lestesteux.ca"; classtype:trojan-activity; sid:100005489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"library.arihantmbainstitute.ac.in"; classtype:trojan-activity; sid:100005490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lidamtour.com"; classtype:trojan-activity; sid:100005491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lightap.shop"; classtype:trojan-activity; sid:100005492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"linkintec.cn"; classtype:trojan-activity; sid:100005493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"liquidity24.com"; classtype:trojan-activity; sid:100005494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livehelpco.com"; classtype:trojan-activity; sid:100005495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livetrack.in"; classtype:trojan-activity; sid:100005496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lm.stagingarea.co.za"; classtype:trojan-activity; sid:100005497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lms.cstdevs.com"; classtype:trojan-activity; sid:100005498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lms.login2.in"; classtype:trojan-activity; sid:100005499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"location-voitures.ma"; classtype:trojan-activity; sid:100005500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"longcheckdo.com"; classtype:trojan-activity; sid:100005501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loomartsindustries.com"; classtype:trojan-activity; sid:100005502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loomworld.in"; classtype:trojan-activity; sid:100005503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"losrobles.uy"; classtype:trojan-activity; sid:100005504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"losviejonesfoodtruck.com"; classtype:trojan-activity; sid:100005505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ls-droid.com"; classtype:trojan-activity; sid:100005506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ltc.typoten.com"; classtype:trojan-activity; sid:100005507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luminouspneuma.com"; classtype:trojan-activity; sid:100005508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m-technics.kz"; classtype:trojan-activity; sid:100005509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m8.popmonster.ru"; classtype:trojan-activity; sid:100005510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madicon.co.za"; classtype:trojan-activity; sid:100005511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.bs-eiendomme.co.za"; classtype:trojan-activity; sid:100005512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailer.srkcommunication.biz"; classtype:trojan-activity; sid:100005513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makeupuccino.com"; classtype:trojan-activity; sid:100005514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maksi.feb.unib.ac.id"; classtype:trojan-activity; sid:100005515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maltepecastajanslari.bykmedya.com"; classtype:trojan-activity; sid:100005516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mamabearcoffee.com"; classtype:trojan-activity; sid:100005517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maquinadosgutierrez.com"; classtype:trojan-activity; sid:100005518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mariachinuevocontinental.mx"; classtype:trojan-activity; sid:100005519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mariobrown.net"; classtype:trojan-activity; sid:100005520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketersarea.com"; classtype:trojan-activity; sid:100005521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketingintelligence.tech"; classtype:trojan-activity; sid:100005522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marksidfgs.ug"; classtype:trojan-activity; sid:100005523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marmariscastajanslari.bykmedya.com"; classtype:trojan-activity; sid:100005524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marquesvogt.com"; classtype:trojan-activity; sid:100005525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"martinsinn.com"; classtype:trojan-activity; sid:100005526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matong47.com"; classtype:trojan-activity; sid:100005527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mavensidd.com"; classtype:trojan-activity; sid:100005528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maxiquim.cl"; classtype:trojan-activity; sid:100005529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mayacert.bio"; classtype:trojan-activity; sid:100005530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mbgrm.com"; classtype:trojan-activity; sid:100005531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mbsolutions.ge"; classtype:trojan-activity; sid:100005532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mbx.com.au"; classtype:trojan-activity; sid:100005533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meatworld-pk.com"; classtype:trojan-activity; sid:100005534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mechanoesis.gr"; classtype:trojan-activity; sid:100005535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"media-server.skyinternet.com.pk"; classtype:trojan-activity; sid:100005536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medianews.ge"; classtype:trojan-activity; sid:100005537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meetjennifer.com"; classtype:trojan-activity; sid:100005538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeweb.com"; classtype:trojan-activity; sid:100005539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"megagynreformas.com.br"; classtype:trojan-activity; sid:100005540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mehainteriors.com"; classtype:trojan-activity; sid:100005541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meine.santander.de-id1nd81he1dbdv1vvadv1vag7d1vasvdd172dv7agseg1d1ds.xyz"; classtype:trojan-activity; sid:100005542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meritinspectionsolutions.com"; classtype:trojan-activity; sid:100005543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meshentvis.ge"; classtype:trojan-activity; sid:100005544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meuoculosnanet.com.br"; classtype:trojan-activity; sid:100005545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mfevr.com"; classtype:trojan-activity; sid:100005546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microblading.mirliandias.com.br"; classtype:trojan-activity; sid:100005547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microcomm-group.com"; classtype:trojan-activity; sid:100005548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mikhailmotoringschool.com"; classtype:trojan-activity; sid:100005549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"minelaan.com"; classtype:trojan-activity; sid:100005550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"minmarkets.com"; classtype:trojan-activity; sid:100005551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mipymetv.cl"; classtype:trojan-activity; sid:100005552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mirror.mypage.sk"; classtype:trojan-activity; sid:100005553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mis.nbcc.ac.th"; classtype:trojan-activity; sid:100005554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"misterson.com"; classtype:trojan-activity; sid:100005555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mistydeblasiophotography.com"; classtype:trojan-activity; sid:100005556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mitarmilan.com"; classtype:trojan-activity; sid:100005557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mkitsan.github.io"; classtype:trojan-activity; sid:100005558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mkontakt.az"; classtype:trojan-activity; sid:100005559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mktf.mx"; classtype:trojan-activity; sid:100005560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mmd.cityhelpcall.com"; classtype:trojan-activity; sid:100005561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mmdx.com"; classtype:trojan-activity; sid:100005562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mnmch.com"; classtype:trojan-activity; sid:100005563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobile.illumetechnology.com"; classtype:trojan-activity; sid:100005564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"moe.xiaomitq.com"; classtype:trojan-activity; sid:100005565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"morrobaydrugandgift.com"; classtype:trojan-activity; sid:100005566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"motorcomunicacion.com"; classtype:trojan-activity; sid:100005567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mpcbahamas.com"; classtype:trojan-activity; sid:100005568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mscdn.nuonuo.com"; classtype:trojan-activity; sid:100005569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"msntv.in"; classtype:trojan-activity; sid:100005570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mumgee.co.za"; classtype:trojan-activity; sid:100005571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"muradvietnam.vn"; classtype:trojan-activity; sid:100005572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"musichouse.sa"; classtype:trojan-activity; sid:100005573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"musicnote.soundcast.me"; classtype:trojan-activity; sid:100005574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"musicvalley.in"; classtype:trojan-activity; sid:100005575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mutatechgroup.com"; classtype:trojan-activity; sid:100005576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"muzimbiti.xigubo.co.mz"; classtype:trojan-activity; sid:100005577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mxpiqw.am.files.1drv.com"; classtype:trojan-activity; sid:100005578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.cloudme.com"; classtype:trojan-activity; sid:100005579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myadmin.it"; classtype:trojan-activity; sid:100005580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mydownloads.myftp.org"; classtype:trojan-activity; sid:100005581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myhfpa.org"; classtype:trojan-activity; sid:100005582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myhospital.it"; classtype:trojan-activity; sid:100005583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymlql.com"; classtype:trojan-activity; sid:100005584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myspa2u.com"; classtype:trojan-activity; sid:100005585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mysura.it"; classtype:trojan-activity; sid:100005586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n109qroo.com"; classtype:trojan-activity; sid:100005587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"namaskaruk.com"; classtype:trojan-activity; sid:100005588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"namproject.jp"; classtype:trojan-activity; sid:100005589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nasapaul.com"; classtype:trojan-activity; sid:100005590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nastarcontractors.com"; classtype:trojan-activity; sid:100005591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"necocheasexshop.com"; classtype:trojan-activity; sid:100005592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nerve.untergrund.net"; classtype:trojan-activity; sid:100005593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettube.com.br"; classtype:trojan-activity; sid:100005594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"networkwheels.co.za"; classtype:trojan-activity; sid:100005595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newdevjyq.devjyq.com"; classtype:trojan-activity; sid:100005596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newlighting.ro"; classtype:trojan-activity; sid:100005597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newtreedesign.co.uk"; classtype:trojan-activity; sid:100005598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newyarlfm.weebly.com"; classtype:trojan-activity; sid:100005599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nextdigitalday.ru"; classtype:trojan-activity; sid:100005600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhorangtreem.com"; classtype:trojan-activity; sid:100005601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nidangroup.in"; classtype:trojan-activity; sid:100005602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nikitarovonovich.pserver.ru"; classtype:trojan-activity; sid:100005603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"njtiledesigncenter.com"; classtype:trojan-activity; sid:100005604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nlsccg.am.files.1drv.com"; classtype:trojan-activity; sid:100005605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nmkonline.com"; classtype:trojan-activity; sid:100005606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nomadicbees.com"; classtype:trojan-activity; sid:100005607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"notebookparcalari.com"; classtype:trojan-activity; sid:100005608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"novahcca.com"; classtype:trojan-activity; sid:100005609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ns1.the-widyantos.com"; classtype:trojan-activity; sid:100005610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nsb.org.uk"; classtype:trojan-activity; sid:100005611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nurmarkaz.org"; classtype:trojan-activity; sid:100005612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nyasabigbullets.com"; classtype:trojan-activity; sid:100005613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"objetivosaludable.com"; classtype:trojan-activity; sid:100005614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"obqs.uz"; classtype:trojan-activity; sid:100005615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"octoil.net"; classtype:trojan-activity; sid:100005616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offlineclubz.com"; classtype:trojan-activity; sid:100005617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ohsewgorgeous.co.uk"; classtype:trojan-activity; sid:100005618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"old.cybers.com.ua"; classtype:trojan-activity; sid:100005619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oleholeh.memangbeda.website"; classtype:trojan-activity; sid:100005620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oleoresins.a1oilindia.in"; classtype:trojan-activity; sid:100005621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ombrapiatta.com"; classtype:trojan-activity; sid:100005622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"omega.az"; classtype:trojan-activity; sid:100005623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oms.pappai.com"; classtype:trojan-activity; sid:100005624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onedrive.listifyapp.co"; classtype:trojan-activity; sid:100005625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online.creedglobal.in"; classtype:trojan-activity; sid:100005626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onvkfashion.com"; classtype:trojan-activity; sid:100005627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onyx-food.com"; classtype:trojan-activity; sid:100005628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"opolis.io"; classtype:trojan-activity; sid:100005629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oracle.zzhreceive.top"; classtype:trojan-activity; sid:100005630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orientgatewayltd.com"; classtype:trojan-activity; sid:100005631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oronoziparraguirre.com"; classtype:trojan-activity; sid:100005632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orsan.gruporhynous.com"; classtype:trojan-activity; sid:100005633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ottpremium.shoters.cc"; classtype:trojan-activity; sid:100005634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"outdoortacklebox.com"; classtype:trojan-activity; sid:100005635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ozadowear.com"; classtype:trojan-activity; sid:100005636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ozemag.com"; classtype:trojan-activity; sid:100005637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ozfacts.com"; classtype:trojan-activity; sid:100005638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"p2.d9media.cn"; classtype:trojan-activity; sid:100005639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"p3.zbjimg.com"; classtype:trojan-activity; sid:100005640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"p6.zbjimg.com"; classtype:trojan-activity; sid:100005641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pablobrothel.com.ar"; classtype:trojan-activity; sid:100005642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pacificmedicalanddiagnostics.com"; classtype:trojan-activity; sid:100005643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pacwebdesigns.com"; classtype:trojan-activity; sid:100005644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pallascapital.katchpurcity.com"; classtype:trojan-activity; sid:100005645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"parallel.rockvideos.at"; classtype:trojan-activity; sid:100005646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pastorzion.com"; classtype:trojan-activity; sid:100005647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pataphysics.net.au"; classtype:trojan-activity; sid:100005648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patch2.51lg.com"; classtype:trojan-activity; sid:100005649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patch2.99ddd.com"; classtype:trojan-activity; sid:100005650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patch3.99ddd.com"; classtype:trojan-activity; sid:100005651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patriotpath.am"; classtype:trojan-activity; sid:100005652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paulmercier.biz"; classtype:trojan-activity; sid:100005653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"payerrealty.com"; classtype:trojan-activity; sid:100005654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pearpearsadventures.com"; classtype:trojan-activity; sid:100005655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pedicollections.com"; classtype:trojan-activity; sid:100005656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"perpustekim.untirta.ac.id"; classtype:trojan-activity; sid:100005657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pestoclean.co.uk"; classtype:trojan-activity; sid:100005658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ph4s.ru"; classtype:trojan-activity; sid:100005659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pharmrhy.in"; classtype:trojan-activity; sid:100005660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phasdesign.com"; classtype:trojan-activity; sid:100005661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"piemontesasaffitti.e-bill.it"; classtype:trojan-activity; sid:100005662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pikasho.com"; classtype:trojan-activity; sid:100005663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pixelmagia.com"; classtype:trojan-activity; sid:100005664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plasfan.ind.br"; classtype:trojan-activity; sid:100005665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"platocap.az"; classtype:trojan-activity; sid:100005666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plive.today"; classtype:trojan-activity; sid:100005667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pole.com.vc"; classtype:trojan-activity; sid:100005668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poojamani.com"; classtype:trojan-activity; sid:100005669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pooltablemoversdenver.net"; classtype:trojan-activity; sid:100005670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"popmonster.ru"; classtype:trojan-activity; sid:100005671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"posmicrosystems.com"; classtype:trojan-activity; sid:100005672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poweport.github.io"; classtype:trojan-activity; sid:100005673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prestasicash.com.ar"; classtype:trojan-activity; sid:100005674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prestigehomeautomation.net"; classtype:trojan-activity; sid:100005675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prevenzioneformazionelavoro.it"; classtype:trojan-activity; sid:100005676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacy-toolz-for-you-5000.top"; classtype:trojan-activity; sid:100005677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacytoolzfor-you5000.top"; classtype:trojan-activity; sid:100005678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proboinnova.cl"; classtype:trojan-activity; sid:100005679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"probus-auto.hr"; classtype:trojan-activity; sid:100005680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"productoslaesperanza.co"; classtype:trojan-activity; sid:100005681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"programacanguro.org"; classtype:trojan-activity; sid:100005682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"projetus.marketing"; classtype:trojan-activity; sid:100005683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promas.com"; classtype:trojan-activity; sid:100005684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promogifting.com"; classtype:trojan-activity; sid:100005685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promote-biologics.com"; classtype:trojan-activity; sid:100005686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promoversdubai.com"; classtype:trojan-activity; sid:100005687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosoc.nl"; classtype:trojan-activity; sid:100005688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosupport.cl"; classtype:trojan-activity; sid:100005689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pubkom.sn"; classtype:trojan-activity; sid:100005690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"punjabdevelopersassociation.com.pk"; classtype:trojan-activity; sid:100005691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pvcprinting.co.uk"; classtype:trojan-activity; sid:100005692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pvtfans.com"; classtype:trojan-activity; sid:100005693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qmsled.com"; classtype:trojan-activity; sid:100005694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qsbinternational.com"; classtype:trojan-activity; sid:100005695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quartier-midi.be"; classtype:trojan-activity; sid:100005696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"querocar.com"; classtype:trojan-activity; sid:100005697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quickbooks.thormobilemanagement.com"; classtype:trojan-activity; sid:100005698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qy668pay.com"; classtype:trojan-activity; sid:100005699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rabsit.com"; classtype:trojan-activity; sid:100005700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raipackers.com"; classtype:trojan-activity; sid:100005701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakeshkhatri.in"; classtype:trojan-activity; sid:100005702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rangsay.com"; classtype:trojan-activity; sid:100005703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rashika.ascarvalho.co.za"; classtype:trojan-activity; sid:100005704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ratemyfenancialadvisor.com"; classtype:trojan-activity; sid:100005705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rcmesilva.charbelsales.com.br"; classtype:trojan-activity; sid:100005706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reacredit.com.br"; classtype:trojan-activity; sid:100005707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reconindia.co.in"; classtype:trojan-activity; sid:100005708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"redbats.co.in"; classtype:trojan-activity; sid:100005709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"refrigerationsparepartssuppliers.com"; classtype:trojan-activity; sid:100005710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"regalasite.com"; classtype:trojan-activity; sid:100005711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reifenquick.de"; classtype:trojan-activity; sid:100005712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"relance.msk.ru"; classtype:trojan-activity; sid:100005713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"relaxindulge.co.nz"; classtype:trojan-activity; sid:100005714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"remisserimac.com"; classtype:trojan-activity; sid:100005715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renehavis.com.ua"; classtype:trojan-activity; sid:100005716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reseller.itechbrasil.com"; classtype:trojan-activity; sid:100005717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"resumechakra.in"; classtype:trojan-activity; sid:100005718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retailexpertscloud.com"; classtype:trojan-activity; sid:100005719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retracker.host"; classtype:trojan-activity; sid:100005720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"revistamipyme.com"; classtype:trojan-activity; sid:100005721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rfidmag.ir"; classtype:trojan-activity; sid:100005722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rgsmpro.com"; classtype:trojan-activity; sid:100005723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ricambi.fixtofix.it"; classtype:trojan-activity; sid:100005724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"richcompliance.com"; classtype:trojan-activity; sid:100005725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rinaefoundation.org.za"; classtype:trojan-activity; sid:100005726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rinkaisystem-ht.com"; classtype:trojan-activity; sid:100005727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rkogroup.github.io"; classtype:trojan-activity; sid:100005728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ro4drunner.com"; classtype:trojan-activity; sid:100005729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robertsinclair.net"; classtype:trojan-activity; sid:100005730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roccastel.com"; classtype:trojan-activity; sid:100005731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"romanianpoints.com"; classtype:trojan-activity; sid:100005732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roshnijewellery.com"; classtype:trojan-activity; sid:100005733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"royalhomesindia.com"; classtype:trojan-activity; sid:100005734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"royalqueenmarine.com"; classtype:trojan-activity; sid:100005735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rs-toolkit.mikestclair.org"; classtype:trojan-activity; sid:100005736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rubazar.pro"; classtype:trojan-activity; sid:100005737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rubycityvietnam.com"; classtype:trojan-activity; sid:100005738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rudastore.uy"; classtype:trojan-activity; sid:100005739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ruisgood.ru"; classtype:trojan-activity; sid:100005740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rusyacastajanslari.bykmedya.com"; classtype:trojan-activity; sid:100005741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rutault.fr"; classtype:trojan-activity; sid:100005742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ruwadalkuwait.com"; classtype:trojan-activity; sid:100005743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ruzxpnew4af.space"; classtype:trojan-activity; sid:100005744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s.51shijuan.com"; classtype:trojan-activity; sid:100005745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sacredscentsonline.com"; classtype:trojan-activity; sid:100005746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safcol-colors.com"; classtype:trojan-activity; sid:100005747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sahooji.com"; classtype:trojan-activity; sid:100005748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sainzim.co.za"; classtype:trojan-activity; sid:100005749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sajadvisory.com"; classtype:trojan-activity; sid:100005750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sales.reoprime.com"; classtype:trojan-activity; sid:100005751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sample3.khushiyonkazariya.in"; classtype:trojan-activity; sid:100005752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanakharid.ir"; classtype:trojan-activity; sid:100005753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanbari.mx"; classtype:trojan-activity; sid:100005754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sangariri.github.io"; classtype:trojan-activity; sid:100005755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sangramfoundation.com"; classtype:trojan-activity; sid:100005756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santanaturanetwork.pro"; classtype:trojan-activity; sid:100005757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santyago.org"; classtype:trojan-activity; sid:100005758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sarl-entrain.fr"; classtype:trojan-activity; sid:100005759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sasystemsuk.com"; classtype:trojan-activity; sid:100005760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scglobal.co.th"; classtype:trojan-activity; sid:100005761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scopeworld.com"; classtype:trojan-activity; sid:100005762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seamlessvideowall.com"; classtype:trojan-activity; sid:100005763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seba.sit.uproducts.in"; classtype:trojan-activity; sid:100005764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure04sd.my03.com"; classtype:trojan-activity; sid:100005765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityservice247.com"; classtype:trojan-activity; sid:100005766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seetpl.com"; classtype:trojan-activity; sid:100005767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"senbiaojita.com"; classtype:trojan-activity; sid:100005768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sericaasia.com"; classtype:trojan-activity; sid:100005769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service.easytrace.mn"; classtype:trojan-activity; sid:100005770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service.pizmedia.web.id"; classtype:trojan-activity; sid:100005771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services5500.sytes.net"; classtype:trojan-activity; sid:100005772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"serviciovirtual.com.ar"; classtype:trojan-activity; sid:100005773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servidor.indommus.com"; classtype:trojan-activity; sid:100005774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seryzpiekielnika.pl"; classtype:trojan-activity; sid:100005775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"setorpublico.com"; classtype:trojan-activity; sid:100005776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sexologistpakistan.net"; classtype:trojan-activity; sid:100005777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shadihub.hmrngroup.com"; classtype:trojan-activity; sid:100005778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shahikhana.cstdevs.com"; classtype:trojan-activity; sid:100005779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shahu66.com"; classtype:trojan-activity; sid:100005780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sham.team"; classtype:trojan-activity; sid:100005781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sharp-mongolia.com"; classtype:trojan-activity; sid:100005782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopilyv.com"; classtype:trojan-activity; sid:100005783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"short.extrafandome.com"; classtype:trojan-activity; sid:100005784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shreechi.com"; classtype:trojan-activity; sid:100005785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shresthatrade.com"; classtype:trojan-activity; sid:100005786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shridhargroups.com"; classtype:trojan-activity; sid:100005787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shrushtiinfotech.com"; classtype:trojan-activity; sid:100005788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sicasasesores.com"; classtype:trojan-activity; sid:100005789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sidradupommier.com"; classtype:trojan-activity; sid:100005790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sige.brisainformatica.com.br"; classtype:trojan-activity; sid:100005791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signatureads.co.in"; classtype:trojan-activity; sid:100005792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"siili.net"; classtype:trojan-activity; sid:100005793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silentlegion.duckdns.org"; classtype:trojan-activity; sid:100005794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silentlegion.kozow.com"; classtype:trojan-activity; sid:100005795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silkflexbd.com"; classtype:trojan-activity; sid:100005796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"simoneporzi.it"; classtype:trojan-activity; sid:100005797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sindicato1ucm.cl"; classtype:trojan-activity; sid:100005798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"siriusblackshop.com"; classtype:trojan-activity; sid:100005799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sistelligent.com"; classtype:trojan-activity; sid:100005800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sistemabimcost.com"; classtype:trojan-activity; sid:100005801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skyflightsupport.com"; classtype:trojan-activity; sid:100005802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skyofsaints.duckdns.org"; classtype:trojan-activity; sid:100005803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skyscan.com"; classtype:trojan-activity; sid:100005804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sman1paguyaman.sch.id"; classtype:trojan-activity; sid:100005805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smarthouseforum.ru"; classtype:trojan-activity; sid:100005806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartrestoerp.com"; classtype:trojan-activity; sid:100005807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartxindia.com"; classtype:trojan-activity; sid:100005808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"socialbuddy.pk"; classtype:trojan-activity; sid:100005809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sodovip88.com"; classtype:trojan-activity; sid:100005810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"softwareleading.com"; classtype:trojan-activity; sid:100005811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"solidcapitalgroup.nl"; classtype:trojan-activity; sid:100005812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"somcorbera.cat"; classtype:trojan-activity; sid:100005813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sopage.duckdns.org"; classtype:trojan-activity; sid:100005814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sota-france.fr"; classtype:trojan-activity; sid:100005815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sowork.duckdns.org"; classtype:trojan-activity; sid:100005816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sparkeventz.com"; classtype:trojan-activity; sid:100005817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spent.com.pl"; classtype:trojan-activity; sid:100005818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spetsesyachtcharter.gr"; classtype:trojan-activity; sid:100005819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spiceoils.a1oilindia.in"; classtype:trojan-activity; sid:100005820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spices.com.sg"; classtype:trojan-activity; sid:100005821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spielbankonlinespielen.de"; classtype:trojan-activity; sid:100005822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springfieldhomes.ca"; classtype:trojan-activity; sid:100005823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"squadlegion.crabdance.com"; classtype:trojan-activity; sid:100005824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"squadlegion.kozow.com"; classtype:trojan-activity; sid:100005825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"src1.minibai.com"; classtype:trojan-activity; sid:100005826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"srianbusiness.com"; classtype:trojan-activity; sid:100005827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sriramplacement.com"; classtype:trojan-activity; sid:100005828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"srrealestate.techzonecam.com"; classtype:trojan-activity; sid:100005829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"srvmanos.no-ip.info"; classtype:trojan-activity; sid:100005830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sshyderabadbiryani.com"; classtype:trojan-activity; sid:100005831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sspbluebox.com"; classtype:trojan-activity; sid:100005832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ssvtextiles.com"; classtype:trojan-activity; sid:100005833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"st.devcodin.com"; classtype:trojan-activity; sid:100005834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stagencyperu.com"; classtype:trojan-activity; sid:100005835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static.3001.net"; classtype:trojan-activity; sid:100005836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static.cz01.cn"; classtype:trojan-activity; sid:100005837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steelhorns.net"; classtype:trojan-activity; sid:100005838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sterlitecamotech.com"; classtype:trojan-activity; sid:100005839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sticker.jewsjuice.com"; classtype:trojan-activity; sid:100005840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stockyhouse.com"; classtype:trojan-activity; sid:100005841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storage-list.com"; classtype:trojan-activity; sid:100005842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"story-life.net"; classtype:trojan-activity; sid:100005843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"student.eduplus.com.br"; classtype:trojan-activity; sid:100005844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stunningfood.in"; classtype:trojan-activity; sid:100005845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subhalaalicaterers.com"; classtype:trojan-activity; sid:100005846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"submissions.tentcityrecords.net"; classtype:trojan-activity; sid:100005847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suimuis.com"; classtype:trojan-activity; sid:100005848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sultanularifeen.com"; classtype:trojan-activity; sid:100005849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sultanulfaqr.tv"; classtype:trojan-activity; sid:100005850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunukoomthies.com"; classtype:trojan-activity; sid:100005851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suporte01928492.redirectme.net"; classtype:trojan-activity; sid:100005852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suporte20082021.sytes.net"; classtype:trojan-activity; sid:100005853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-4-free.com"; classtype:trojan-activity; sid:100005854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support.clz.kr"; classtype:trojan-activity; sid:100005855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support.gravityshift.io"; classtype:trojan-activity; sid:100005856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"supportit.online"; classtype:trojan-activity; sid:100005857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suriyecastajanslari.bykmedya.com"; classtype:trojan-activity; sid:100005858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"surveg.com"; classtype:trojan-activity; sid:100005859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suryatp.com"; classtype:trojan-activity; sid:100005860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suyashhospitalraipur.com"; classtype:trojan-activity; sid:100005861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swwbia.com"; classtype:trojan-activity; sid:100005862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tablineegy.com"; classtype:trojan-activity; sid:100005863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tactikaconsulting.com"; classtype:trojan-activity; sid:100005864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"talktalkchu.com"; classtype:trojan-activity; sid:100005865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tarravalleyfoods.com.au"; classtype:trojan-activity; sid:100005866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taxclubpk.com"; classtype:trojan-activity; sid:100005867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tc.snpsresidential.com"; classtype:trojan-activity; sid:100005868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamproject.link"; classtype:trojan-activity; sid:100005869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamsecenergy.com"; classtype:trojan-activity; sid:100005870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teleargentina.com"; classtype:trojan-activity; sid:100005871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"temptmag.com"; classtype:trojan-activity; sid:100005872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tencoconsulting.com"; classtype:trojan-activity; sid:100005873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.adventser.com"; classtype:trojan-activity; sid:100005874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.allbester.ru"; classtype:trojan-activity; sid:100005875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test1.milenial.id"; classtype:trojan-activity; sid:100005876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test2.marrenconstruction.ie"; classtype:trojan-activity; sid:100005877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"testing-istudiophoto.davaohorizon.com"; classtype:trojan-activity; sid:100005878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tewoerd.eu"; classtype:trojan-activity; sid:100005879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thaayagam.com"; classtype:trojan-activity; sid:100005880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tharringtonsponsorship.com"; classtype:trojan-activity; sid:100005881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theamazingbuy.com"; classtype:trojan-activity; sid:100005882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thefishjoint.com"; classtype:trojan-activity; sid:100005883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehotelshowdev.bitkit.dk"; classtype:trojan-activity; sid:100005884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thekrishnagroup.com"; classtype:trojan-activity; sid:100005885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thepunchlineexpose.com"; classtype:trojan-activity; sid:100005886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tianangdep.com"; classtype:trojan-activity; sid:100005887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timamollo.co.za"; classtype:trojan-activity; sid:100005888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timegonebuy.com"; classtype:trojan-activity; sid:100005889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tissl.lk"; classtype:trojan-activity; sid:100005890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tochmini.mooo.com"; classtype:trojan-activity; sid:100005891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"todoapp.cstdevs.com"; classtype:trojan-activity; sid:100005892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tonmatdoanminh.com"; classtype:trojan-activity; sid:100005893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tonydong.com"; classtype:trojan-activity; sid:100005894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tonyzone.com"; classtype:trojan-activity; sid:100005895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toobalhost.publicvm.com"; classtype:trojan-activity; sid:100005896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tools.reimclub.com"; classtype:trojan-activity; sid:100005897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toplevel.com.br"; classtype:trojan-activity; sid:100005898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"torwada.com"; classtype:trojan-activity; sid:100005899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"totalfixfm.com"; classtype:trojan-activity; sid:100005900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"totsandmom.com"; classtype:trojan-activity; sid:100005901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"travelwithmanta.co.za"; classtype:trojan-activity; sid:100005902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"truviamedia.com"; classtype:trojan-activity; sid:100005903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ttiicsenegal.com"; classtype:trojan-activity; sid:100005904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tulli.info"; classtype:trojan-activity; sid:100005905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tupperware.michaelroberge.ca"; classtype:trojan-activity; sid:100005906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tuzlacastajanslari.bykmedya.com"; classtype:trojan-activity; sid:100005907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ultimate-24.de"; classtype:trojan-activity; sid:100005908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unicorpbrunei.com"; classtype:trojan-activity; sid:100005909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniengrisb.com"; classtype:trojan-activity; sid:100005910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unifashion.app.krazyit.com.au"; classtype:trojan-activity; sid:100005911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unisoftcc.com"; classtype:trojan-activity; sid:100005912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"united-alsafwa.com"; classtype:trojan-activity; sid:100005913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unwittingjaggeddebugging.neumatic.repl.co"; classtype:trojan-activity; sid:100005914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upswaydigital.com"; classtype:trojan-activity; sid:100005915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uptownsparksenergy.com"; classtype:trojan-activity; sid:100005916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uzzepay.com.br"; classtype:trojan-activity; sid:100005917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vacunatoriocoronel.cl"; classtype:trojan-activity; sid:100005918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vagaspet.com"; classtype:trojan-activity; sid:100005919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"valleygroupinmobiliaria.com"; classtype:trojan-activity; sid:100005920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vazhikaatti.com"; classtype:trojan-activity; sid:100005921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vbcargo.hu"; classtype:trojan-activity; sid:100005922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ve0.popmonster.ru"; classtype:trojan-activity; sid:100005923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vectarts.com"; classtype:trojan-activity; sid:100005924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vektro.asia"; classtype:trojan-activity; sid:100005925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vente2000.com"; classtype:trojan-activity; sid:100005926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ventoindia.in"; classtype:trojan-activity; sid:100005927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vetaclub.cc"; classtype:trojan-activity; sid:100005928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vetaclub.org"; classtype:trojan-activity; sid:100005929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vfocus.net"; classtype:trojan-activity; sid:100005930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vfspriority.com"; classtype:trojan-activity; sid:100005931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vfspriority.pw"; classtype:trojan-activity; sid:100005932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"villatera.com"; classtype:trojan-activity; sid:100005933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vintplay.com"; classtype:trojan-activity; sid:100005934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"violinstop.com"; classtype:trojan-activity; sid:100005935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"visam.info"; classtype:trojan-activity; sid:100005936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vivacuscoperu.com"; classtype:trojan-activity; sid:100005937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vivationdesign.com"; classtype:trojan-activity; sid:100005938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viveirodoiscorregos.com.br"; classtype:trojan-activity; sid:100005939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viverosvila.es"; classtype:trojan-activity; sid:100005940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vksales.com"; classtype:trojan-activity; sid:100005941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vologroup.com.br"; classtype:trojan-activity; sid:100005942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpinversiones.cl"; classtype:trojan-activity; sid:100005943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpts.co.za"; classtype:trojan-activity; sid:100005944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vszk.eu"; classtype:trojan-activity; sid:100005945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vulkanvegas-de.katchpurcity.com"; classtype:trojan-activity; sid:100005946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vulkanvegas.go-sell.com.co"; classtype:trojan-activity; sid:100005947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"washatsanjose.com"; classtype:trojan-activity; sid:100005948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"waskitaprecast.co.id"; classtype:trojan-activity; sid:100005949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web.geomegasoft.net"; classtype:trojan-activity; sid:100005950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webpro.marketing"; classtype:trojan-activity; sid:100005951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wfinance.com.br"; classtype:trojan-activity; sid:100005952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wholenesstofreedom.org"; classtype:trojan-activity; sid:100005953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wi522012.ferozo.com"; classtype:trojan-activity; sid:100005954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wildnights.co.uk"; classtype:trojan-activity; sid:100005955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wildtrust.mediadevstaging.com"; classtype:trojan-activity; sid:100005956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wishesconcierge.com"; classtype:trojan-activity; sid:100005957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wittymarathi.com"; classtype:trojan-activity; sid:100005958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"woezon.agency"; classtype:trojan-activity; sid:100005959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wolfgang-brodte.de"; classtype:trojan-activity; sid:100005960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wonderlead.cl"; classtype:trojan-activity; sid:100005961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wordpress.saleensuporte.com.br"; classtype:trojan-activity; sid:100005962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldeducationtranscript.com"; classtype:trojan-activity; sid:100005963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldofjain.com"; classtype:trojan-activity; sid:100005964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wowsugarbabe.top"; classtype:trojan-activity; sid:100005965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wp.readhere.in"; classtype:trojan-activity; sid:100005966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wrpcbg.am.files.1drv.com"; classtype:trojan-activity; sid:100005967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ws5588.f3322.net"; classtype:trojan-activity; sid:100005968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wyklej.pl"; classtype:trojan-activity; sid:100005969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"x2vn.com"; classtype:trojan-activity; sid:100005970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xia.beihaixue.com"; classtype:trojan-activity; sid:100005971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--polimerbizmimarlk-rvc.com"; classtype:trojan-activity; sid:100005972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xpeedlubricants.com"; classtype:trojan-activity; sid:100005973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xre.popmonster.ru"; classtype:trojan-activity; sid:100005974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xz.8dashi.com"; classtype:trojan-activity; sid:100005975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yafa-coach.co.il"; classtype:trojan-activity; sid:100005976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yagolocal.com"; classtype:trojan-activity; sid:100005977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yasminkozmetik.com"; classtype:trojan-activity; sid:100005978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yedfg.jelikob.ru"; classtype:trojan-activity; sid:100005979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yeichner.com"; classtype:trojan-activity; sid:100005980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yellowbo.cn"; classtype:trojan-activity; sid:100005981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yp.hnggzyjy.cn"; classtype:trojan-activity; sid:100005982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ysbaojia.com"; classtype:trojan-activity; sid:100005983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ytvnews.info"; classtype:trojan-activity; sid:100005984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yuvadental.com"; classtype:trojan-activity; sid:100005985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yzkzixun.com"; classtype:trojan-activity; sid:100005986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zetlegion.crabdance.com"; classtype:trojan-activity; sid:100005987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zetlegion.kozow.com"; classtype:trojan-activity; sid:100005988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zexw5fah42ff6qgj.eastus.cloudapp.azure.com"; classtype:trojan-activity; sid:100005989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zeytinburnucastajanslari.bykmedya.com"; classtype:trojan-activity; sid:100005990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ziengineeringco.com"; classtype:trojan-activity; sid:100005991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zmidsg.am.files.1drv.com"; classtype:trojan-activity; sid:100005992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zofer.com.br"; classtype:trojan-activity; sid:100005993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zz.690tx.com"; classtype:trojan-activity; sid:100005994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/super-forms/uploads/php/files/lrat8burlqjbuvvgvcq56qm8ms/41304353790.pdf"; endswith; nocase; http.host; content:"akdenizokullari.k12.tr"; classtype:trojan-activity; sid:100005995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reprehenderit-nobis/quia.zip"; endswith; nocase; http.host; content:"alavi.ge"; classtype:trojan-activity; sid:100005996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reprehenderit-nobis/quos.zip"; endswith; nocase; http.host; content:"alavi.ge"; classtype:trojan-activity; sid:100005997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reprehenderit-nobis/sapiente.zip"; endswith; nocase; http.host; content:"alavi.ge"; classtype:trojan-activity; sid:100005998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reprehenderit-nobis/voluptatem.zip"; endswith; nocase; http.host; content:"alavi.ge"; classtype:trojan-activity; sid:100005999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hic-est/dolor.zip"; endswith; nocase; http.host; content:"amitempo.com"; classtype:trojan-activity; sid:100006000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hic-est/eum.zip"; endswith; nocase; http.host; content:"amitempo.com"; classtype:trojan-activity; sid:100006001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hic-est/molestiae.zip"; endswith; nocase; http.host; content:"amitempo.com"; classtype:trojan-activity; sid:100006002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hic-est/nisi.zip"; endswith; nocase; http.host; content:"amitempo.com"; classtype:trojan-activity; sid:100006003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hic-est/voluptates.zip"; endswith; nocase; http.host; content:"amitempo.com"; classtype:trojan-activity; sid:100006004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolor-omnis/nulla.zip"; endswith; nocase; http.host; content:"backlinksminer.com"; classtype:trojan-activity; sid:100006005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolor-omnis/voluptas.zip"; endswith; nocase; http.host; content:"backlinksminer.com"; classtype:trojan-activity; sid:100006006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/accusamus.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/consequatur.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/documents.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/error.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/et.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/in.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/iusto.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/suscipit.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunt-eos/totam.zip"; endswith; nocase; http.host; content:"banyumili.co"; classtype:trojan-activity; sid:100006015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labesoftware/update/downloads/boost-fps.exe"; endswith; nocase; http.host; content:"bitbucket.org"; classtype:trojan-activity; sid:100006016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labesoftware/update/downloads/install_plugin_x64_x86.exe"; endswith; nocase; http.host; content:"bitbucket.org"; classtype:trojan-activity; sid:100006017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labesoftware/update/downloads/vpn_free.exe"; endswith; nocase; http.host; content:"bitbucket.org"; classtype:trojan-activity; sid:100006018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nam-soluta/alias.zip"; endswith; nocase; http.host; content:"bricopetvzla.com"; classtype:trojan-activity; sid:100006019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nam-soluta/consequatur.zip"; endswith; nocase; http.host; content:"bricopetvzla.com"; classtype:trojan-activity; sid:100006020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nam-soluta/dolor.zip"; endswith; nocase; http.host; content:"bricopetvzla.com"; classtype:trojan-activity; sid:100006021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nam-soluta/perspiciatis.zip"; endswith; nocase; http.host; content:"bricopetvzla.com"; classtype:trojan-activity; sid:100006022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmatrix/data/hack1226.exe"; endswith; nocase; http.host; content:"cd.textfiles.com"; classtype:trojan-activity; sid:100006023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/808540577594736675/852340086528147476/firefox.lnk"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/887666017042587651/887666118569898034/4_grooveaudio.dll.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/887666944931672087/887667019703529512/2_cmdial32.dll.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/887666944931672087/887667033150464000/6_iasads.dll.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/887667360452976654/887667409530531880/4_api-ms-win-crt-environment-l1-1-0.dll.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/892172083189149767/896307878267334656/android-update.apk"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/896357431641243648/897135459929567314/android_update_build_flow.apk"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/897103531738267712/897103615020388362/installutil.resources.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/897103531738267712/897103620997275678/ipsmsnap.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/897103531738267712/897103632363831326/keymgr.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/897103531738267712/897103640219766794/ndfapi.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/897103531738267712/897103652072849418/system.web.resources.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/897105392159563809/897105448816234536/adsiis.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/897105392159563809/897105486678220830/sasegflt.dll"; endswith; nocase; http.host; content:"cdn.discordapp.com"; classtype:trojan-activity; sid:100006037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tnote-web/bsfile/ckimg/2021/4/17/6eb374b32f94435381bd3f41b0ab7661.exe"; endswith; nocase; http.host; content:"cdn.tmooc.cn"; classtype:trojan-activity; sid:100006038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razor/rzr-winner_intro.zip"; endswith; nocase; http.host; content:"chiptune.com"; classtype:trojan-activity; sid:100006039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/corrupti.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/documents.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/dolorem.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/dolores.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/earum.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/eligendi.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/modi.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/praesentium.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/quia.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/sint.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolore-molestiae/vitae.zip"; endswith; nocase; http.host; content:"chkto.com"; classtype:trojan-activity; sid:100006050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meteoradminz/hidden-tear/zip/master"; endswith; nocase; http.host; content:"codeload.github.com"; classtype:trojan-activity; sid:100006051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mr-r3b00t/rdp_backdoor/zip/refs/heads/main"; endswith; nocase; http.host; content:"codeload.github.com"; classtype:trojan-activity; sid:100006052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmp/protected-cek9qz4zvk2n65e-c5d84gi5/security-cloud/kypqw-52kkq0n9ywj9oa/"; endswith; nocase; http.host; content:"colfincas.com"; classtype:trojan-activity; sid:100006053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=11wrd1k3cum3xwrrk7ry9emoxvjihpxt5&revid=0bwr0ytfwg4ymmfnormy4ret5uulxym9uri9na2p4oe1xzxlnpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor&revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1dcskexskninafqjsvcdvurd8sn0y3z2m&revid=0b32-vhr9_ogcmnjutlfrrke4l213smg0ajdrr0yvavfsnnrvpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1gpjdoys0jisgixkzzi79qrvuun0m2ufd&revid=0bwzj95xpgx6-shdtthq5ztfkajlnv3ntvvzqy0u5k0vvqtrvpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw&revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs&revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1hdvmpsulsdwmfbduwezpkhyqscvaujpz&revid=0bxuz33-vsvvttjk1tutwb25oynbmuwjqsytdmtqybxvayvrzpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1jpl-uouydm5hypqm67uokyddrblbpxvw&revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1lrsmsenpabz1ihnqwve1zahmbbrjvy0k&revid=0bwxkravv4isdrzmrqulpqwfbnk44s3louvlqtm85tzbdvjzzpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj&revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0&revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1tilqozot07vylvdmmsfs7ia452jwhktj&revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp&revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1zxejnkdwqezrbgani5vjk2y2nhmpkg0z&revid=0b-bo0wgwxcblsui1mehkbhrlu01rwxnyrxzxanbdendmbndnpq"; endswith; nocase; http.host; content:"docs.google.com"; classtype:trojan-activity; sid:100006068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=18zfspcrlbavz_ooolsobhnpa264xyytm"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1_kme2jlo4rwuoi0skp0ejlnqrjpi0zha"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1a-herfdxr6xamxeabcdao0mqw9bimrig"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1igs5o27dptipoo8iqgpvjqpzytr0bekk"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1ma38y_tmkwp6spyu_omub2ntyzolb0qj"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1n8_s6gijerearczwh74blkygodig64eo"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1pr2l1wfpwhfzln-sq93bb9xwfqtrwezu"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1quzouzjuncjhkgnferfx06dg7icwxy2d"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1tnnhctucoeyrnqdkpizy9gm6w5ha0_tb"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1yfqtugahqhqrulwugdekeavffktsl8ci"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?export=download&id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor&export=download"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc?id=1y59mvv5dlrjfcdnlz3gmfskjj2vqerz1&export=download"; endswith; nocase; http.host; content:"drive.google.com"; classtype:trojan-activity; sid:100006086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/emclick.zip"; endswith; nocase; http.host; content:"e-mudhra.com"; classtype:trojan-activity; sid:100006087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/register/phpcaptcha/images/19dnqhg1p/sbhvtqlysxhxn/"; endswith; nocase; http.host; content:"expeditionquest.com"; classtype:trojan-activity; sid:100006088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/register/phpcaptcha/images/35egphpl5uzpvdmz9bncmvon3p/"; endswith; nocase; http.host; content:"expeditionquest.com"; classtype:trojan-activity; sid:100006089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aaugz/~3/1z7i9ux3fo0/convergent.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/abilr/~3/hqrhnxera4o/stinking.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/acmfrm/~3/ylqzntotpgg/rustle.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/adbyjkcymlv/~3/6e6rxc4idcc/containerization.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/adfevcxs/~3/mx3q5ybm3ny/fortunately.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aelieetlvz/~3/gq72-3wshms/unionize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aewpsedpgbg/~3/efgtojqsm6c/swimmer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/afgupzxekt/~3/5cggts8n2ao/antiheroic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/afzxnvhccv/~3/cuwjlcqri6c/polluted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/agjyh/~3/2zo3p_oxdyc/stimulant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ahgbtrnzv/~3/1cmd1sszbke/hatch.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ahmqch/~3/kuszhgzwq5w/being.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aiptixjt/~3/jq8zcg1zpyy/tome.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aixrka/~3/_hkhjrcuu-g/yahoos.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ajazcvxbf/~3/k2nvnffe86m/divergence.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/akpfsizevev/~3/pkjadrmsaai/overdo.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aksdrwrnsk/~3/jlzm-6sepxo/camel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/algtayszaqd/~3/kdup2j4fq7m/globous.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/alklprz/~3/ko3fqnljdey/suboffice.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/alnewvjcnu/~3/ev3ut1csrwg/saucily.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/alniomng/~3/5ds1mcnpa6q/outgrowth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/alrmnelnj/~3/s613czej_ju/atlantic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/amhdbwonsqy/~3/l6o_j2ul-oi/demonstratives.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/amswmbso/~3/fzrm4zoewwo/they.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/amyjtrusu/~3/jkcxmompebo/desertion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/anaqflvrw/~3/mbj6eljpl60/deskpad.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/anhbsspal/~3/vb7l4r9jw00/photograph.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aoglnws/~3/ohj3itnbu-q/perished.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aosiz/~3/ld09kk4n0ru/profitably.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aouxbf/~3/_i36cgvpmfy/syncing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aqdlsxol/~3/i9cvyqq7zgq/estranging.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/aqdrv/~3/5vzoils5i1k/unafraid.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/arkdoln/~3/svmxgrdzf8s/rerecording.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ascryih/~3/2oo4b6w7r7a/seattle.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/astcacxfm/~3/5dfswbtayl4/uncomfortable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/atwqzhzvcy/~3/zjexvb05kgy/bottoming.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/avrnwqsoqa/~3/7khey9xrbfu/disclaimer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/avwriqe/~3/qlqqwlxeniq/godlessness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/awfsdne/~3/8ri1d46pr_s/review.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/awujzflnwa/~3/hh9-c5ams1c/procurer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/axazbhftss/~3/t63uzlgjteg/exhale.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/axoziptgva/~3/r_i82xzzvc8/spicule.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/azmkfvlezty/~3/wh4qzfdb2re/nub.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/azxcoeix/~3/lecpqblw19k/revulsion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bagavgn/~3/row07ag4a4q/silhouetted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bahvw/~3/brqi5algxaq/alae.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bapzikmo/~3/otr9lz52nli/concoct.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/baunclhus/~3/8dtsaqjgtaq/encase.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/baxyncukyl/~3/k2nvnffe86m/divergence.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bbikpygkf/~3/xybeho8e0ne/scragginess.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bbqtpojpymq/~3/aejrkgs6yd4/exempt.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bceosoces/~3/b6a0zw6b2i4/vilify.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bckyjaehd/~3/ntglyj8ewo0/devilish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bdliugz/~3/3kby8rl0xm4/turnip.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bdpxms/~3/zwwgmilkvk4/crazy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bdsbxnk/~3/8njdemcj5uq/prestigious.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bdzqnvepis/~3/uaahoqzsfje/coldblooded.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/beonhsec/~3/caumxfa4fg0/permanent.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bfimseg/~3/mmdovx5s7q4/expunge.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bflkxcae/~3/xwqp54mhpjg/solicitously.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bfonwguym/~3/ad9tuch2rns/indicant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bfrdayyf/~3/_cgc2ubhmkq/gloaming.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bgybcpxen/~3/q4i5h3bo-2s/metabolities.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bibytzak/~3/ezm1_dyatty/commercially.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bjfidppie/~3/8ri1d46pr_s/review.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bjjrytjoe/~3/k4aw8pojbti/tyrant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bkgqd/~3/uivul-dnmgu/unhurried.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bkjmawse/~3/3gh-alr4ino/stockholding.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bkpdy/~3/dkhvtr21e5m/prevalent.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bktfgzsnrt/~3/w1-lnkg7y94/nation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/blgfpnmzb/~3/xekrz7qpjpc/trisect.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bndmgp/~3/o5r9astiygy/gearless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/boidwe/~3/4hpodogjat4/force.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/boldiomahg/~3/kc_1umtzerk/attempter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bosleet/~3/wmnb-q9dujg/cctv.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/botyjx/~3/hxmxgxj7j4y/inevitably.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bpgshdlnfvr/~3/b31arncnsr0/shock.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bpisrp/~3/bvrys8rgz_e/concert.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bpjczamikn/~3/yz7qkgy_p6c/conversion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bprqsffphk/~3/iaic_8vjgcy/contractant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bqhuwpuj/~3/hwta9xoujxe/telescope.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bqvmaadtx/~3/sekbmmj9vqg/strophe.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bqxpy/~3/cndwjxuzlbi/vessel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/btgtp/~3/tppfnxvckgm/traditionally.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bthvd/~3/zcdwuf0w1w0/levee.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/btjmcmc/~3/-v--brta_no/hymen.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/buyewxpial/~3/qrpxnon7sl0/colombia.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bwbcadcalty/~3/1hqgs_c6n5e/slight.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bxajtqfyk/~3/acyfst8_s6o/caveat.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bxcnilgel/~3/mx59t_t1u-u/telephony.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bzdmjhxklz/~3/wdihxmrbbqe/soon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/bzfxd/~3/mmdovx5s7q4/expunge.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/caqfwx/~3/jskgs4r8_g0/advancer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cazzmfifayf/~3/wrucipgn6de/equaliser.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cbnrbcosbie/~3/qp9b_vll81s/soapwort.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ccrdldmx/~3/1tizowxwezq/oddity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cczhcwrhzf/~3/c3mz3shqjjk/photographer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cdtyewst/~3/ewegd_ptqug/annotator.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cfnhm/~3/o_lf49_zjse/rarefaction.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/chjoxmpyqp/~3/jcskdhf_kp8/wideness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/chzbavb/~3/bzkdvgs5zy8/duty.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cjgzxyq/~3/akdfzzkkwxq/commendable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cjkysnkwuc/~3/yys34a6bt7a/weft.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ckmbsqnvbki/~3/cs5hqtfssmw/arabian.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/clcatmnetul/~3/akdfzzkkwxq/commendable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cmioxegwtdf/~3/ovum9wieuxm/figurative.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cnmenfrri/~3/kqmgbaqykbo/stretched.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cojqlrib/~3/3o5xk6px_dk/toxicologist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/copilqtt/~3/umwysjxek5o/enlistment.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cphcwgbmutw/~3/h_i1jxo_nvi/floating.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cqdsfulp/~3/d2jsvnda8bg/foreordain.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cqmciny/~3/wlqk7-qxxyw/summery.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/crecbube/~3/531u2jcscbi/output.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/crjbm/~3/mw5krz8glaq/retarded.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/crndqsbsewu/~3/18stph0bcm0/brainwork.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/crutz/~3/igoxhy7ucts/molten.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/crwmr/~3/6pu3obwfgw8/dinner.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/crxhk/~3/dg-j7j6axxo/chafe.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ctppecbjy/~3/tpuq-csqfoq/trumpeter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cunzhvvv/~3/xnwr21h7stk/hunting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cuubbeochyj/~3/ju83qrltjbm/worshipper.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cvivwtaxq/~3/2uf9kfgf1ei/unassignable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cwiwz/~3/j3clknmmyem/transition.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cwqqqkf/~3/dqb158qj4x0/weightiness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cwxkjpsv/~3/0tajewpn4sc/cowhand.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cwypcpy/~3/tqfarsyxcvy/sauerkraut.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cwzxpkbl/~3/lcx_got4d6g/france.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cxvka/~3/4uys9v2o09k/adiposeness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/cyjncckseo/~3/xxlje5rgnjc/virtualization.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/czleeecwxer/~3/tutn7pyikhw/tame.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/czvrkyquder/~3/ggjpzcff3_a/assaulter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dabaqesk/~3/wa8zae73jyu/secure.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dbpjwxskfyb/~3/l-mutlzygae/leaning.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dbyvcjpaol/~3/syue6wuspgo/scribed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dcffbpgl/~3/3vq8uav4yji/if.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dcphkoifqb/~3/h5axzok4qsk/rampart.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dcrhbcdvfxt/~3/jvev-defcrk/zigzagged.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dcrudikgs/~3/wlug8lbqcqm/fitter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dctagdfoex/~3/miboio70n2e/leaning.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ddnoznr/~3/4azyqex5hpm/kip.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ddpahjmk/~3/wnt3x3epx-g/dote.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dfdinwfqotl/~3/0n041kqw8_q/aerodrome.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dgsjr/~3/fwkwscznbcg/volcanic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dhawzqcgde/~3/mosvnehcdjq/sweetie.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dhlsdc/~3/wz21ocg1cyi/revile.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dhluaqnee/~3/yyced_sevfa/vary.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dhoit/~3/pg1imm9j3m8/sluggish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dhumbvq/~3/yeraydqpc04/quintillionth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dhxysafids/~3/danwsqwsfi0/pard.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dhysczsljfq/~3/nuqeifubemg/prossie.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/djovrr/~3/d8d8hl3sz-c/lavaliere.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dkbwd/~3/gkfev92uziw/divest.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dlqolmowup/~3/gvpxjouhph4/tripod.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dlqxslcb/~3/egol3cw6bhw/substandard.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dlzfhkoqat/~3/h07sb4mcpdo/shafted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dmanqs/~3/5sgrcu-9yg8/dig.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dmclkgahcv/~3/c0q5tpd2_8y/gipsy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dmlneebzjm/~3/d99jvrghxee/kinetic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dmnvpsdsrcm/~3/ip55lftub-c/stipendless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dmxkgdxdfyn/~3/swqvzcg7rze/catastrophic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dnbbzxczt/~3/xo2jddv35uw/dissent.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/doscqdxavt/~3/vnopxkjbmaa/countersign.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dpqaqlmpufb/~3/jwfwrujhlzq/witnesser.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dpsnxprmqk/~3/bcgazn6sn4o/literacy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dqxkanq/~3/asgkgogqlco/schnitzel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/drtrov/~3/ysvu_cgjx7u/estranging.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dryopxmir/~3/tyimp5120ie/refining.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dsfwopx/~3/hwpyzakkvjm/wardship.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dsolwrpv/~3/m4ytycwlx04/decibel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dssrpgcele/~3/6z7oarbihh0/dissection.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dtpiyfyhe/~3/yh2h2y9eu24/namely.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/duzhgmwlfay/~3/1o4dnzr2fe8/abuttal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dvaokheh/~3/xfgwlijme7q/squiring.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dwbzh/~3/tn59j9qgkaw/agnostic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dwnxassmv/~3/cjnuq8wld_c/podia.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dwxvdgrqrog/~3/bjocp1-lemy/spell.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dyfbpejdfr/~3/n0oecpsj0zw/dioxide.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dysajjywzf/~3/lxz2a_cxzpa/rudiments.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dzblnkl/~3/5n6h4c_g7km/spineless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/dzwmywzr/~3/kmdzp94uysu/amplitude.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eajxwpl/~3/tclv86csgwa/apeasement.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ebkac/~3/-1dnudpzqwi/surfing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eblironoej/~3/leepa0swu0i/earpiece.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ebtux/~3/6-ms0zislkk/picked.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ebtwkma/~3/8xrdhiz5jyi/burgeon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ecegwqd/~3/lz6qwmmz5um/eucharist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ecnpio/~3/dl0b6jwqpcc/scotian.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ecvikch/~3/ucwppjh9si4/explain.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/edbxqgdmhcw/~3/hgm9ffzo5ka/inundate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eecdsneqea/~3/tn59j9qgkaw/agnostic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eegdufbj/~3/tpgmld83nnk/hydraulics.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eeyogmmjy/~3/_uskqz8butk/antisepsis.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eezyhnhpza/~3/wsouehuhdyc/gunman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/efjqw/~3/wuwjup_yd-8/integrand.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/efkwjc/~3/t3ypi2p3wkm/discontinuing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/efoqvjtq/~3/wnco-tduglq/seismic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/efssv/~3/zqhp4ybkd1a/dyadic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/egcoz/~3/2uri5tkvgek/tagged.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/egeok/~3/upkms2c9mn8/seventy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/egpre/~3/73sstxbykrg/standardizing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/egyolmo/~3/gfkwy8fvkfk/busbar.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eibswmui/~3/7cgne76veem/crudeness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eiqliw/~3/f7s1jxdccpg/scroungy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eiwmv/~3/tofpps01xy8/opposite.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ekwdbglsn/~3/wctttp3oq4k/drum.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ekxqwl/~3/h_i1jxo_nvi/floating.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/emhkn/~3/abwfime35vw/resolute.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/emqkzwbh/~3/z0ihejeoby0/truncation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/emqlzvpp/~3/mxjstgur0po/vastness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/emrpd/~3/mrl9kerlbkk/troubadour.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/emwoejsfs/~3/mxjstgur0po/vastness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/enjxdy/~3/b3yi-riu60y/ablutionary.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eoqcx/~3/onn299esjco/pewter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eoqovurwumv/~3/lffyu2izcya/ripen.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eozjnrwen/~3/ffvbs2kpjoc/publish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eqgskheqp/~3/y_cmlyt-bcq/skivvy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/erohjeszt/~3/9nqommx9eba/apportion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/esmqhvxvuah/~3/q2rms4akmj4/acaroid.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/etermrn/~3/sddvtkecqm0/patchy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/etvcy/~3/ivciefv2c5m/homosexual.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/euibnjnkzt/~3/wh6whw9d3e4/appendant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/euifjnptx/~3/dskccsuo88o/batesville.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/euqqwdtwkl/~3/1qtjn8b_o5c/shaky.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/euzhuftim/~3/yxksn7-iijw/snippiness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/evvjmeq/~3/ftgczd3zrzi/polling.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eweeqr/~3/did2rhzdvum/captivity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/extgsczxld/~3/sp1ryo7qdes/brunet.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eyaeiofztwh/~3/-5mxduu25mc/disjunctive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eynlyyny/~3/m0kdxdkyvhg/bottle.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/eztnamnnli/~3/hpkluqw4-ru/accrue.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ezzss/~3/-hul1ciplia/diversifying.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fcauau/~3/om7mizzbjhq/amended.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fcdddqa/~3/yrpsvdpwz6m/antioxident.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fcpdlood/~3/jgbev0fl-qy/sadden.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fcsejsk/~3/kamsxv76kus/amiableness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fdlijgxox/~3/aflvnsn5tym/contemplate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fdlrjobirq/~3/0wliftlxi1c/greeting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/feksjaivetf/~3/zqzmu4dhdaa/scrubbing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ffbocq/~3/ggjpzcff3_a/assaulter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ffidmgrfm/~3/pgi_uivnxza/rag.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ffkghl/~3/cyfzg5qfzf0/nonproductive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ffzxstho/~3/jbdewih-840/purveyance.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fgatfd/~3/yrqtl9zggl4/newtonian.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fgdiimphvbo/~3/n9ljl_walfq/fined.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fhyvaiv/~3/pojongftquy/mug.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fikdbmnoa/~3/rmrath3h8zg/waver.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fixox/~3/nkroqy6nowa/diversified.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/floamajunwh/~3/i9cb5se9ge4/insensible.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/flqicjkd/~3/zkpvxd_ykmm/derive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fmlzezwhy/~3/scwf3bl_8bw/prostate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fmyjz/~3/fexs29qbcoq/live.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/foloc/~3/jb7dcs1nwmk/awless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fottxkd/~3/msxc7ijjf9e/initializing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fpukiszyeg/~3/tspm7j_dw7i/corinth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fqkmc/~3/1nxfkxputqi/uconn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fqrugqfxhxd/~3/9xt23uxbivs/spectacular.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fqzumk/~3/clllh3whbsi/conical.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/frevwusg/~3/cd6bsjqvcze/garbling.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/frkqlo/~3/amkibmwwbu4/thriftiness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fsvmvoosx/~3/h4tge3csqz4/stifle.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ftcbzcoxto/~3/hsxp5iiystu/macaw.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ftkqcbsdgt/~3/1fwdze_n1tq/residing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ftrrvaud/~3/oriypd2cm-0/gull.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fudwqzbgoql/~3/hsvrxkucm9e/garish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fufxrhrivj/~3/ztkrtb8abuc/piece.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fuomibyxurg/~3/yf8em_wdjaq/computationally.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fvyfrmvycq/~3/k8jtylqrq94/hitherto.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fwhojby/~3/l6g_ufqc0nu/diagram.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fxfnqtnag/~3/g1sqgwzg3we/subtracted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fxpjoz/~3/rscvoxeyi5w/degeneration.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fxxxmiirnj/~3/py9c9t4dkjw/harmless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fynbpytc/~3/2ncll93ifvu/proceeder.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/fzjzhzn/~3/5aa-x0wsx8w/shrill.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/galgszo/~3/gbg4pvij8ea/adaption.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gbaehvp/~3/j7xmnt7egau/steve.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gbkbjpbfohx/~3/3c15hk07dpk/choral.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gcqhotkva/~3/3veqfcnphh0/gastronomic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gdistr/~3/yl_d3-dobfw/defensive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gfxwbgoiua/~3/vnopxkjbmaa/countersign.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ggclulzqonp/~3/erlsryfglry/gumption.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ggeeyz/~3/kc_1umtzerk/attempter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ggjbku/~3/irkjjb8mzkc/rapt.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ghhfyiit/~3/qxk5zua3bvo/wives.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ghlqeex/~3/ziauskvcw9s/front.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/giaetua/~3/n5x-1hiq2cu/spearman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gjxsqftu/~3/upkms2c9mn8/seventy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gknoh/~3/aeo9rb8svaa/salaciousness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gkpsazvraq/~3/03toi80vbvw/addicted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gkwka/~3/kmhrqmbmjwo/penman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gkwthwi/~3/ftbntuy-t0a/democratize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gkxwnjzxerb/~3/wyalkojksjc/astatine.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/glqbuewzmwu/~3/kv5tmtevrdo/zigzagging.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gmnpkjxdv/~3/fky7x2dlhki/colossal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gmqjwumhplc/~3/bjjjtrd81mq/jewelry.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gnccwlen/~3/nuqeifubemg/prossie.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gnebxlk/~3/j2hmnvqmkzi/haunch.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gneizd/~3/mrl9kerlbkk/troubadour.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gnnoljqer/~3/wbeycxg3hla/togs.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/goonuul/~3/yalsiysod3y/assimilation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gouoklzti/~3/s2rxd4uqmze/hilt.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/goxtflkjbq/~3/d4nrzfpe2ea/fortress.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gpyldnaonkc/~3/emscebimvta/birdcage.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gqcxumnkh/~3/oa5ugpmtf8q/baulk.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gqnocef/~3/k-ooa2lqteq/lee.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gqthd/~3/qg-bvujil3s/squeak.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/grvli/~3/qrn42iaz8fq/disturbingly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gtrxgxw/~3/yagqx8q-dfq/incorporeal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gtwlvo/~3/f280n4qz0d4/tribulation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gvhqfxb/~3/qxk5zua3bvo/wives.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gwstr/~3/wazgoovpzgw/impersonate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gxddsz/~3/vjl_8vbc3ue/unrolled.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gyljfjzg/~3/03toi80vbvw/addicted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/gztexqdzgo/~3/dqb158qj4x0/weightiness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hagdupdkiky/~3/1ssd1fvtak4/acorn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hdbpwfyscxj/~3/h_6p_hpoaoq/broadcast.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hfhnfdkako/~3/2retsc0cybk/kilos.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hfmmxbim/~3/ky21aqqoonk/catch.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hgjbosgip/~3/-fkljfcyazs/mackintosh.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hgjneqj/~3/sansv2wmyuo/shrovetide.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hgvwyosinbh/~3/0swrfp1ynu0/takeoff.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hgythqv/~3/maexnbaxnhk/worshipper.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hicvurye/~3/jpngtxfhdyi/compactor.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hinvei/~3/ijyapgp4i_0/fastening.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hjkbscmmozs/~3/mdqd_vvlsnw/abbreviate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hjkhco/~3/_z-0wnxyf9y/facility.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hjyydy/~3/1ixbhdsi5vw/pout.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hkrjmdo/~3/fcn3lu9zcu0/lining.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hljjh/~3/np_bvpuojmo/rationing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hlkcmeh/~3/rrhoct8ed3e/allelic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hlobykmlt/~3/tu2jdf7h440/specimen.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hmsop/~3/nklkayj5zj8/tote.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hngeh/~3/wxiykts6mfi/nameplate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hoidhg/~3/qofkvh_6iqc/emerge.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hqdymhp/~3/npsuxc4ev5u/shortage.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hqpdd/~3/drhybx3bkzm/shawn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hrbrzolujf/~3/d_apl324jxu/bluish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hrerdpytagc/~3/r46jjtlhjg0/aireometer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hrkvfzibzy/~3/3w1c3g3sqlw/industrious.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hsdfqailq/~3/rcx8bslh8x4/ineffective.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hsyvis/~3/k-i4yuemigg/sublimeness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hszjqq/~3/fai1hnuvrtq/severable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/htkewchpcoy/~3/jeldhv3db68/inhibition.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/htskahxxi/~3/2oo4b6w7r7a/seattle.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hukyrx/~3/2n3qyny6eby/positiveness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hvvqimh/~3/emv_aweaeek/hye.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hwbwcrzutx/~3/mnd5whayqm8/oversized.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hwkquzr/~3/ovuxx4mtryi/movable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hwmopioyd/~3/dngnprzz844/hellenic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hwqypi/~3/fbltysego18/electrocuted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hwvfylcuhuz/~3/bjocp1-lemy/spell.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hxtqrmqdkul/~3/w1-lnkg7y94/nation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hyxkx/~3/tc9-pztswsc/labyrinth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/hzkbdfqjkyr/~3/t0hrdatxa8e/quadruplicate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iaffzhbq/~3/nq8j50jyraq/pneumatic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iahamhikdsk/~3/o8i1x0lj5ny/prohibit.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/idrvbn/~3/kmdzp94uysu/amplitude.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ieuzefbdy/~3/biq6gxzijta/polysulphides.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/igkojtrwhc/~3/k-ooa2lqteq/lee.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/igxwe/~3/rotgbzcmr0a/aspectual.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ihqxfbmkyu/~3/k8jtylqrq94/hitherto.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iivlvngujd/~3/nygdiom7nzg/thursday.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ijdzzjludng/~3/crc5ahn_dhi/afoul.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ijxbll/~3/2-kvr5keqak/alleviating.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ikprgixbw/~3/ooaytjs4mb8/sect.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ikpsjky/~3/rmxcsszd8li/haling.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ikpygqymlhr/~3/z6q9xzlfdfc/exhibitor.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ikqmdyi/~3/hhpgvco6pp4/dole.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ilsgffwag/~3/nygvte0qx9q/barefooted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/imgmxjurka/~3/egol3cw6bhw/substandard.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/imirwvgd/~3/jnws4tpruuw/captivity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/immarwu/~3/nr4ag19eogi/vale.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/imtucwvtte/~3/j3xsmekg_km/scientific.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/imvpfbl/~3/bteidbekici/brainy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/intqjhexl/~3/5rrxkt8irpa/categorial.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iopyl/~3/pgi_uivnxza/rag.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ioxfgs/~3/6zoq6bulf_e/occupation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iqoxn/~3/8pxhbtlua9c/gyrocompass.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iroerlzvmn/~3/mlqvtycbuty/contrast.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/isgtvrkjmpu/~3/x1ylrnybzfq/certainty.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ismpbrm/~3/b5rckwlvfry/secrete.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/isrooft/~3/xjl8rykgmeo/precompensation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/itpjzaa/~3/jmsxzbqx9dm/explored.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/itzeweywlk/~3/peholbtfpa4/baleful.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iuhskw/~3/wfb9sw1ikaw/craftily.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iuykeqyvac/~3/243yjkywaai/caucasian.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ivhho/~3/rgjn7c10rtw/planetesimal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ivibsypga/~3/x9abxta23w4/african.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ivijorlamjb/~3/vqcle2unyce/phonic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iwmytcu/~3/edl6kbcnjoo/documentation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iwygbdwnj/~3/cgzdb_-kkks/obstreperous.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ixkfquerq/~3/rmrath3h8zg/waver.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ixkfsxxznxw/~3/0wliftlxi1c/greeting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/iynfl/~3/-ljsxztwqik/cold.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/izqlkhwhva/~3/dbbujxhcdpy/stimulations.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jaycm/~3/iaic_8vjgcy/contractant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jbbvmzdshx/~3/hryesrltooc/amur.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jbgdxckura/~3/4mbz8orsreo/bugle.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jcdqziafk/~3/rmxcsszd8li/haling.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jcrqrvgdtoe/~3/iepzrewbu4w/erased.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jcsxyxmpgoc/~3/7abx7zb-qlm/miscreant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jcyvnwwtjbv/~3/udolyz2vcey/sealab.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jdrbwlhb/~3/oblnstrgqka/wharves.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jdslgogqnyj/~3/sq5dteouedi/discern.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jdxaueovwtk/~3/qo54i5c1dya/misrepresentation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jenovrs/~3/npsuxc4ev5u/shortage.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jeoptnk/~3/ts63hw5gnsu/spathe.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jfjewuwbye/~3/gj5oy8fh7ii/interpreting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jfnzzwb/~3/2gw5rfxdmua/xylem.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jfrkjzzyap/~3/wn_0oux81fk/cancer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jfrozu/~3/zkada9flls4/susceptibility.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jgtktps/~3/h2pk4zhkhoq/photographer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jhhcqpcbskw/~3/4dh7wxagjwo/demand.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jhzcsknjpnb/~3/hpi8vwmioey/undecisive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jibaba/~3/jptq15n4zsu/galleon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jirycwr/~3/b8dkcurqsja/maidenly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jishmsst/~3/d-0tlhzczdk/elimination.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jjiuaibmz/~3/umk-kpo89fg/nightingale.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jjuyet/~3/f0mymszcoty/litigation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jkgrvwqj/~3/lg9zybzlraa/factional.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jknvz/~3/uga7zsnl_5s/sublimed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jmrrqkhvf/~3/yagqx8q-dfq/incorporeal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jmtrauawntj/~3/8fqp6mype_e/uniqueness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jnkggsbbmnm/~3/7zgcybcvwxw/provocative.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jnusuuscha/~3/svacvxmfgcc/pawl.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jqczmzweai/~3/kpsrljpp4hg/mediation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jqeiyojpju/~3/z0anbmrsckg/sanguinary.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jqvakl/~3/c-9qnpwgok0/palsy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jsmuwwtywdo/~3/b5rckwlvfry/secrete.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jssrekf/~3/97_mtmjpkew/bespeak.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jtcczsuacyc/~3/cao720snnq8/staffers.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/juivhndwy/~3/3eycej7f-hw/inspection.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/junkqqc/~3/drhybx3bkzm/shawn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/juvhxgje/~3/hpclptc8uw4/nonblank.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jvddfbtb/~3/dhvslocshnk/blotter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jveabhvyws/~3/lnofhxjsxpg/dissector.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jvkpzhvm/~3/1ixmihrg2as/equation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jvvxz/~3/oiw26hvpqw0/nonscheduled.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jwupk/~3/zt8wfuk2uig/stational.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jxrprmc/~3/96s052s4hx8/operatic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jxxxp/~3/kqlscl1cpfg/corps.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/jzmppizmlz/~3/mtskx2bkuem/somersault.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kawziejajj/~3/gxywlbm19lu/snorkel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kcjzdoef/~3/e9go2q8t8ww/pitchman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kcorhkxa/~3/2zzjbioeeui/petrochemical.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kcpenjqz/~3/yz7qkgy_p6c/conversion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/keqifhybned/~3/txtdkvbod34/endocrine.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kevoxvlshcl/~3/e26hms8iqx0/abstemiousness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kgjclbqy/~3/kxkscgv3ci8/dizzy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kgjtvpv/~3/zho96uwhp10/haemolytic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kgodkskn/~3/hgml1_jnjok/wore.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kgttfz/~3/-vh2ncsq3x8/hydrology.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kiidwqn/~3/y_7u__skgxy/disaffirm.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kiqcwypszfl/~3/owgeccqm-pu/soap.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kkdbiogdrus/~3/9xehy7lyoak/registered.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kkmufibnxzs/~3/v2qt6w3y0zg/sepulchering.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kkroh/~3/kh1g0a_-huu/piece.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kkuzhhehc/~3/na40jcdsxte/blind.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/klfucvds/~3/-jghus6iouk/shaman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kmryk/~3/7-b2qx91xtc/tinkering.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kndhse/~3/cc7ittiodpo/squab.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/knzjkajne/~3/nsub2w8elqw/film.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kpvgbuhfmjc/~3/zkrfz1rg6oa/popularize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kqfjvr/~3/_tl9zfrchpc/decapitate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ktqvhcsg/~3/avfx26gashg/purport.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kuknjuzpeds/~3/dwcxpiafj3g/sandbagged.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kukpewk/~3/coimhkqijxy/gangling.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kuusrp/~3/kakatzecgbg/preclusion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kvocxu/~3/fiysuxzwhhe/malachite.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kwhfeeyd/~3/ou1t3abobl0/illegible.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kwtxggkqa/~3/ivciefv2c5m/homosexual.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kwwzcyq/~3/7vincvwsb6i/caldron.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/kyrute/~3/tz9mru2yqom/proctological.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/laycarvbi/~3/yvfm6xzner8/unexceptional.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/layov/~3/b3qrm4adryq/chapel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lbeii/~3/jptq15n4zsu/galleon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lbtbd/~3/iwlzywisuwo/armlessly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lcaniauh/~3/yzejzmygcxs/brainstorm.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lcvlamvfqlo/~3/y2gsyhttlvi/marxist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ldcmifu/~3/3lddy9zvi8q/impenetrable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lffsz/~3/idyhce7j-h8/pix.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lfqvz/~3/iylmfpkfzpa/foppery.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lfurqdkkq/~3/rbcv8a2yxpi/left.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lfwuayhq/~3/mkcosehshte/reassert.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lgmcqrbtmu/~3/jj4nzzn_ws4/dawning.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lhespsw/~3/2fqtvjhre7a/memorialize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lhwmh/~3/qd3kfs7nlse/blossom.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lidbmwhtui/~3/obkutjtudyy/testator.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/liebh/~3/5hovn9aokgq/flight.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/liyhfh/~3/yzoozqptnuo/pulling.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ljewbxdv/~3/sddvtkecqm0/patchy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lkgnyhqo/~3/_wtekr7_tqi/planetary.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lkgwlervyv/~3/mdxen0jbzic/cubism.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lkhxdgsvp/~3/kj5nfbvjtjo/pong.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lkyhblao/~3/_t_gliudcau/eyetooth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/llmbopfpjd/~3/rvvti739xly/critical.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lmwnkdvlod/~3/0vnzjbbxabm/understandingly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lmwoinyo/~3/kgeshfub-ag/permit.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lnpcogiir/~3/slifgowgmxs/upriver.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/loumovogg/~3/w6h_pnyu82o/tastiness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lpeps/~3/xzmqjxgwqry/saved.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lpiexafzwh/~3/o_5zokmaqdy/chill.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lpwdcwsv/~3/48ogugfsttk/tomcat.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lqmywovnrui/~3/7rtdpst0gy4/jack.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lqvmimh/~3/cfpgn8w5y2m/savable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lrrtsfh/~3/brhxnw3qvlg/objectless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ltnfvcyen/~3/5wtr_w9qrou/anechoic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ltoasd/~3/vvzqha_r9oe/tibial.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ltsmulm/~3/lespllxsmzq/common.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/luiywbh/~3/3lq-6obzrm4/intourist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lvdwdsga/~3/pkzqm1yripk/certainty.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lxnyejm/~3/ry7by1ywdkc/based.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/lyvwmvncu/~3/pnnwdes7h6e/indeterminacy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/makwtkqnds/~3/3yqerz2xygq/apoplexy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/maungjh/~3/fhyzc9ljvk8/uninhibited.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mazxm/~3/w5pyh_kn7vg/streamlined.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mccquhrwdt/~3/2pfiawrb8m0/tripartite.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mcrnlxvclip/~3/mkbsftzwsfu/flabbergasted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mctermce/~3/p3haokbb48y/sighted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mcyjtmmfg/~3/2f7tl4o9pnq/flamingo.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mdqrtwq/~3/cjhh47_acmc/hosted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mejvlqbk/~3/qc5o9ukmdjq/sulfonic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/melsfksw/~3/wwypky98k_w/cryptographic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mfkmfzvbvk/~3/nypm4ptzihq/umbrae.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mfywf/~3/hi-wahfouzw/sap.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mheuzl/~3/vwa7dwk3ncu/milquetoast.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mhkerig/~3/1xqwb2xuupc/outdrink.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mhlwabmfpb/~3/h7fgvshj3yy/distraught.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mhvedgtqr/~3/8neeeh9uvoa/unworried.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/milkhuti/~3/-rutjgt6qie/abaca.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mivtyhvsz/~3/emzubpyol6e/rivet.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mjiqhsuqot/~3/vip8lrdxdl0/pont.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mjwajvqvody/~3/fcgbaug1o8k/drivebelt.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mlqnkjqkk/~3/bl3nmqddjre/revetment.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mmgvfma/~3/8yyxjf_gouy/tomahawk.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mnvati/~3/jabb71vucbu/pettily.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/molwlyihho/~3/zq6uw_kuodc/toke.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mscrodjzu/~3/mxjstgur0po/vastness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mskotaa/~3/bo1japvn7to/perfunctory.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/msocza/~3/f9ebevyha8u/crawler.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mtneklqlye/~3/b8vmpicuxhw/horn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mtpqviyj/~3/yjjv0mm5lyc/earlier.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mudxodfld/~3/z9riq8sjuva/aught.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/muejft/~3/ycyn6gnet0k/warehousing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/multqmg/~3/sxjgcew3a4k/aftershave.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/muuieqjzac/~3/0pollbm0nmq/thaw.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mvqnx/~3/hntslhkolpu/snooze.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mwjrioqdwna/~3/rddjsaohcbs/babu.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mymnmgydz/~3/pgpn8vsld5u/airmailing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/mytali/~3/w3ytkz_weh4/swish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/naeijvbomjh/~3/ema4tjpd2lq/zinger.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/naibtxah/~3/k2mguozmctk/forage.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nalvpv/~3/isp2uueh4y0/smiler.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nappmrp/~3/d99jvrghxee/kinetic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nbdpil/~3/eojmwyvqgvw/oar.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nbtrdwelrhz/~3/sxum0m274wg/obstructionism.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nciasjppt/~3/0toczyfqfze/pinout.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ncnho/~3/i6l2yvottdq/victory.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ndjpgkbtr/~3/lz2-lro-c3e/tatter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nehiw/~3/suo6fm3zr0q/heliport.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/neumxsp/~3/p0wcljrd6l8/salvaging.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/neyqhjkesy/~3/gicwqe9v8te/secretion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nfsgg/~3/csidn1xypru/sherwood.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ngpjrlpe/~3/xzy9utu28su/salvador.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nhbwdnxp/~3/dwnenj6muwc/profess.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nhmne/~3/19nsatt5aak/westerner.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nhncwaoztlj/~3/rj2cpu4cope/trampoliner.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/njcqsxdco/~3/y_7u__skgxy/disaffirm.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/njebcluh/~3/-ulzdogfyfs/thousandth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/njsglkxr/~3/b-skc6x7lpo/fond.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nkzse/~3/bh_wqutvgs4/cloven.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nlueaecob/~3/69i7uqh8yhu/crucifixion.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nmmvotegvcx/~3/lhflzctinr8/zeros.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nmqgynmzfp/~3/hzyhmujzqac/sox.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nmyxwwemu/~3/laszhr2f9vu/petiole.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nnuesqq/~3/wbumo93xvb8/allergenic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/noaiqgn/~3/mzifssgy6qc/cluster.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nowbzzjdnj/~3/5wtr_w9qrou/anechoic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/npgbqrdo/~3/ub8t0rlcqae/allying.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/npppsae/~3/klgehthrixc/modernist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nqfav/~3/mxjstgur0po/vastness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nqmswm/~3/luetg43st04/lyre.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nqocl/~3/ftrjtexwhe8/inevitable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nripeli/~3/t4u-sxd8uho/spied.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nrpsgvqa/~3/zuzc9qrmawc/coulee.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nscsopcgfvb/~3/x0fj8hm9rso/semidurables.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nsdwns/~3/wrshvriyu30/misspend.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nslnb/~3/xgwwcmlezqw/slumberously.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nsmvwqkud/~3/8zasrfx5et4/total.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ntdagt/~3/hh6da-ynzm8/flabbergasted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ntielrbmhec/~3/d-0tlhzczdk/elimination.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ntrfyl/~3/z64i_e_cocc/cavalry.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nttdmbqg/~3/g9xrkvoxzti/saute.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nviwfoil/~3/4djruqksqiq/sparerib.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nwhfe/~3/sdljzeqkzme/threshold.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nwkasv/~3/zxsw7gbvpjq/signifying.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nwrbkqkrwt/~3/x2thokcqbjm/heal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nzaises/~3/oscm4vc4lui/muffin.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nzksuugnqx/~3/ulfioom7ivi/vilification.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nznlvqfv/~3/d99jvrghxee/kinetic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nzoplhegab/~3/54qdgvrseva/farrow.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/nzqcdbc/~3/v2qt6w3y0zg/sepulchering.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oacyfx/~3/edz-rb_-mma/quarterly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/occinamel/~3/4ouks5pnugg/flatland.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ocidtiojaoj/~3/i0ix__rkvqa/plod.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ocorhvau/~3/kdbtqqw71ys/workday.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/octsuciwnr/~3/ipufh5r_jew/soupy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/odfhs/~3/ckjusyxlbce/predictive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/odqrbjanmik/~3/u9zyri6hhhq/recluse.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oeflorv/~3/i2hqssalytg/inarticulate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oeyvqcd/~3/p_n7etmqngc/disgust.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ofsxdujjlq/~3/o4_zpdcsuxi/spare.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oggsl/~3/oy4rrmjifjy/gelding.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oiefojc/~3/hbuc-s__wow/overheating.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ojlpxpwcsnj/~3/ejxlo0oiujc/peroneal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/okvoga/~3/numusremdbg/rehabber.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/olxckvkuu/~3/rytobz4s0f0/emblem.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/omeile/~3/kyal_gmvjz4/quarrelsome.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/omplafu/~3/jf30f4yc0qy/shinning.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/onjgd/~3/mjyi9hwifd0/esophagus.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/onkwlba/~3/nao97nmaba8/personable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/onxlzdqn/~3/i5aqywvmxmq/semiskilled.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oouavljnu/~3/u1wb2a0thce/serigraph.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oproxyqys/~3/2sozp67emwa/moody.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oqjrslb/~3/y8bfwnlh9h4/edema.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/orvbmhfbakm/~3/dnq39pwpidi/schilling.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/otbhw/~3/eddgs_7yf54/benevolence.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/otmwht/~3/zoccummbaoo/quicklime.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ouxocom/~3/bo_ahgkgj3o/bleeder.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ouyroxole/~3/vxg27pwcm88/watchman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/owkmnjibv/~3/3eno4yjterg/prophesying.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/owlhhnsvdhi/~3/rrhoct8ed3e/allelic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/owocoyk/~3/9emdikffdqu/diaphragm.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/owphgm/~3/bdptt0okc_a/locking.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oxdlysb/~3/n71bbcagvbm/confessedly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oxlevslk/~3/nbqhpjkecvc/fulfilment.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oxlhztcd/~3/-ksbz692due/harbour.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oyapsdw/~3/v3jb6u5_zrg/phenotype.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/oyfkydlcevb/~3/kfgmptl2q_e/sleepwalking.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ozddybnzx/~3/c869ha0umui/ring.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ozenxfp/~3/727ewtteusc/daydreaming.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ozvqnyzejt/~3/d-ljrbj82oy/divide.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pamwrpgugil/~3/q6hqvqqpeau/blasphemous.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/panfbtsk/~3/go8iy9cvwii/profanities.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pasxfkr/~3/dls8zkudwz4/nylon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pbaxb/~3/1gs46eloz9a/packetize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pbuiuycewn/~3/deadxzjkiim/render.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pcugumjb/~3/5o0ppjrd78m/arrival.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/petjgfhj/~3/d_apl324jxu/bluish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pezypjcvy/~3/mjhjyq19ici/clever.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pfbppghxae/~3/ue8mngwerhy/sydney.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pfksbzzxnya/~3/menyp5c53os/smoothing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pfoufjjn/~3/9xehy7lyoak/registered.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pgkera/~3/nq8j50jyraq/pneumatic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pgrqonsdklv/~3/q0awvlqeezu/appropriate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/phgqhyi/~3/wi4wsgnh6vi/tired.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pieridcfck/~3/7wrcrsgeqsk/defuse.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pixgdy/~3/_xbgt-mqvim/edited.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pjderkrf/~3/6frmbs3nr6y/seeable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pksmytu/~3/dwnenj6muwc/profess.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/plfmbajr/~3/1ixbhdsi5vw/pout.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/plpkrmfier/~3/w0farlydwik/oxheart.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pmktknqxnp/~3/oqwtp-pdjsy/timorousness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pootujvaqs/~3/pmpjz2fbf6s/auger.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ppffll/~3/sxum0m274wg/obstructionism.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ppohvcctrn/~3/80fx_kqledi/compiler.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ppokjprczt/~3/1mj9lgfbota/anonymousness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pqgwavlh/~3/d2aomhwsffm/abaca.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pqoef/~3/ijkudg6vfcq/loudspeaker.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/psfjdr/~3/fd6fjlczlxu/stateliness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/psfoys/~3/0m5wihwawka/supercalifrigilisticexpealidoshis.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ptdfwp/~3/_x9w9rgx1fq/axiomatic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ptjgq/~3/ijrqotnmv5w/anticorrosives.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pupsxizi/~3/-arrrqoqnza/desirability.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/puttarp/~3/p2nehhywmza/environs.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/puxepqltnu/~3/hflfri33yr4/weakly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pvihopiy/~3/fbj29uerz1m/morsel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pwndoubd/~3/mhmls4s0lc8/inverting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pyescfas/~3/w2oeeyzhxfo/publicize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pyjjlvan/~3/eyuajyupyts/postings.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pzjyjhhf/~3/ia1omkkqvtk/vivaciousness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/pzmikcxyitl/~3/e7owit4b0sm/plummet.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qajjru/~3/i2aqyk5ctlu/breastwork.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qarobbsid/~3/klv4rt-mos4/certainly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qcaduce/~3/6nsdy0n8rwk/malign.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qctakzerrp/~3/zrmyxzcsg6c/rowwise.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qdvgpbb/~3/haqj98cd_ww/enlistment.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qdxdj/~3/6_gb5npritk/savageness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qgevg/~3/k-ayfpf07so/preliminaries.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qgvtafvff/~3/v5njjpqb8ty/soaks.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qgzoascx/~3/g5mdu8vuoe0/pbs.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qgzvfl/~3/rmybedjq544/potting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qhqoyfavqi/~3/piwk3o82q9g/daemon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qijeskbdhl/~3/rrxhj0dpkha/impregnated.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qkglg/~3/xlyd3hjepxo/what.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qksmnjjjs/~3/6e6rxc4idcc/containerization.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qkxvtslpqp/~3/j9aglj3gu54/computationally.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qlcptxi/~3/48ogugfsttk/tomcat.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qliwmezal/~3/o-owoo9rs84/perinatal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qlmrnxrxgr/~3/uez_3ebsswo/aura.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qluuqec/~3/23qwd6irpla/assaulted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qnkidngzhrs/~3/u3xchbvemz8/eclair.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qnnoo/~3/1xlrpj3u43g/misfortune.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qoceviscp/~3/tl5hskjtv5g/touchpad.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qpkwy/~3/ebcb5dwgfzc/vulcanize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qqkgt/~3/omqhsqvq6kq/saloon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qqmhkldwor/~3/h70hytppwx8/encapsulating.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qravu/~3/4djruqksqiq/sparerib.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qrljjojxid/~3/tj8s_7ztode/alloy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qrosjwz/~3/z4aatcp_jxm/pantheistic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qrscorw/~3/tpe1wcyikja/elucidate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qrzmlokcr/~3/ffovkyyhjsw/adaptiveness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qsnukkaic/~3/zcdwuf0w1w0/levee.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qsqet/~3/rddjsaohcbs/babu.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qtalrefho/~3/dwspdsqachc/greedily.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qvwtiz/~3/lqzgn5v8sso/returnable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qwclkkjhutx/~3/eldvfarvavm/flexibility.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qwrkcugfho/~3/hwta6hgzarc/copyrighted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qxepixx/~3/rygxz-xnl6u/damages.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qxkhvdvwbxy/~3/ycm1rsjvyjm/furtherance.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qxmxzedg/~3/h_-95fbtrm0/sanation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qxqqijugx/~3/p4kcxxzqgps/ichthyology.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qybdju/~3/jbdewih-840/purveyance.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qyiexqsyk/~3/qucv56o5nna/exportable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/qzvflvfsf/~3/_y6htcxo6cu/raddish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ralseepre/~3/akkhncoocfa/bracing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rbgrb/~3/whwbmntek30/perspicacious.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rbwtw/~3/seveydpqwea/converting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rclmkyxbpxk/~3/hadbacp9-l8/approx.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rdcxsv/~3/ahlxptogzpw/insipient.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rdqawuux/~3/t0y6-8pdnye/glue.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rekue/~3/wnlibfgeiqs/discovered.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rexelmtrbd/~3/aiirurekzgs/smoothness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rfdpdgzyt/~3/u-kemg9gqvi/interrogated.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rfkkr/~3/ireanrgbc0c/paternity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rhjwqtdid/~3/qx6olfl0gye/multiplecolumn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ridqz/~3/p9nqlh-5m88/panelist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rimvg/~3/udolyz2vcey/sealab.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ripmw/~3/wk4zfiild3y/median.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rizyr/~3/1vmwhmghix4/blindness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rjhojm/~3/jgbev0fl-qy/sadden.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rjkanbkcwwf/~3/vfnz4htiyta/invisible.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rkcvpgtz/~3/aaciciqoheg/bioremidial.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rkhtexpeu/~3/avfx26gashg/purport.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rkpyzssqtu/~3/wnco-tduglq/seismic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rleff/~3/eojmwyvqgvw/oar.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rmaskczja/~3/gmbxjxb2_ba/beryllium.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rmpbgqsy/~3/1xlrpj3u43g/misfortune.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rncrcrpczvh/~3/ezdhz7e_c7e/peccadillo.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rnklrpwnlo/~3/zqzmu4dhdaa/scrubbing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rnxahw/~3/tjagvamywn8/rerecording.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rogeita/~3/-r4197zplyg/turnstile.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ropvfjvc/~3/4d6yh8sgsry/desinence.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rpakahawzmn/~3/pvjnjwt-7tw/right.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rpbsdok/~3/atii0lytrru/participating.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rpmaxa/~3/owtsylqn61u/antecedental.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rppyqarlzwr/~3/afeslz0ggje/waived.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rqknjsxqa/~3/zre1mlelque/trouser.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rsxbvnzge/~3/csf9exazp50/socials.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rtfhbmv/~3/ivoiutqtjbk/almoner.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rthbsdde/~3/ca_uyune-mi/isolation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rtuoxxtkq/~3/umb0k18sdtw/banking.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rucorvbra/~3/iwlzywisuwo/armlessly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ruffh/~3/3ni8fw-2aho/inadvertently.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ruplzv/~3/lvxn9qzr8rs/profundity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rwpqzxy/~3/ne4oshm-pgu/ventilator.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rwxmcv/~3/k8-0d6gn1ri/pathogenic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rxzmv/~3/zgrzmbzxttw/wale.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rywvzfg/~3/lhxe1genh8k/australia.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/rzwuxoqoj/~3/ejpdokd3skw/transponder.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/scffn/~3/2mdy_fpizg8/keycap.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/scfnzlwceb/~3/d6ch9qoljzm/umbellate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sdtgbeke/~3/ckjusyxlbce/predictive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/senxajogzxq/~3/zxsw7gbvpjq/signifying.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sexklyjj/~3/uwk3bay3f4u/referenced.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sfowz/~3/el7r0r4osva/comprehend.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sfusbgu/~3/c-j6i3hrlsw/plane.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sfytff/~3/xvb6ybgoatw/aleatory.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sgjco/~3/7croinbfuke/bicameral.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sgnixd/~3/it2u-3oajki/nor.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sgtkjwkn/~3/x35e3gdtmx4/graininess.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sgwabkkhkca/~3/83f8vocout8/nuthatch.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sjqdxpx/~3/46sszusyy-0/glutton.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sldcovwejr/~3/9r2s4ddeeoa/spacewalker.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/slzmpjoarsq/~3/ns-4mpjqyqg/tangled.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/smboa/~3/iszfzls5nvy/conical.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/smqlfh/~3/i58esjnuodq/flora.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/smvdbpiyou/~3/uivul-dnmgu/unhurried.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sobmbdvicvl/~3/l9wycqei0uq/statecraft.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/soisnwwm/~3/oy4rrmjifjy/gelding.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sonlpdmgd/~3/026p98rjcc8/californian.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sovqcyold/~3/qvclypzrku0/ambitiously.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/spcgvy/~3/knv_iybh6-c/vanish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/spqdo/~3/aidrrjho1bk/photometer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/spxbjssbaj/~3/ku6bwrhoczi/slowed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/spyqh/~3/vypefhemwk4/sardinia.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sqsvicaxaxa/~3/juhenfxbv8k/invalidation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/srwmssln/~3/5kjxtllgwio/frozen.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ssyqqrswhi/~3/zc7kdse96uq/nonflammable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/sszckpycjl/~3/htdl6lkr-t8/pictured.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/surfkokkal/~3/abyhoxawthg/suavely.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/svaaco/~3/raf2moxvkba/verdancy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/svjudvavgpk/~3/ltomixtfkog/honourable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/swmwx/~3/yso_hobjelq/toronto.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/swszkf/~3/syue6wuspgo/scribed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/synzpqmkloz/~3/jmjyufcyjw0/pauperize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/szjowlwe/~3/9cv5sqgaozg/sanitorium.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/taagp/~3/qzqwhafex4u/occlusal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/taosolxrx/~3/e010f4e3gpo/nigger.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tayqev/~3/pie1bcdrqro/touchingly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tbdtvefm/~3/2lwplevq8gw/corpus.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tbzffam/~3/s2ljxwjufly/nobleman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tbzhp/~3/bionbkhfbzi/interrupting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tczezwqitfu/~3/zqzmu4dhdaa/scrubbing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tdiyaiswjo/~3/dimwfmxgnj8/thermodynamic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tdlrvsrtthr/~3/tqzf4drliwy/allured.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tdmxolbkruu/~3/iqminpjrdtm/slices.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tfnmpsxzas/~3/rlvg0vrcj9i/adored.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tglsk/~3/a_-vczlpfpo/ageratums.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/thynzpbgmwt/~3/j2yscyuhgda/adulterant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tiabqyjv/~3/iqminpjrdtm/slices.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tispe/~3/i3bwxtmshe8/chapter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tjbsr/~3/wq6n-kbeb7u/scorer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tjeggugt/~3/pbafr2vxsxi/kindly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tjgtkbjzdpg/~3/rxxbncztyhc/pleistocene.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tkjwp/~3/ijsrn0dqyvs/interpretive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tlbfsi/~3/8edfk6zozxw/maximal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tlwfvbpa/~3/0pxfva7iabo/ulnar.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tmnkv/~3/kx-pemx6jmi/kidskin.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tmwrz/~3/-rutjgt6qie/abaca.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tnamaojw/~3/jj4nzzn_ws4/dawning.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tnovdc/~3/nqjvplmn0di/helplessness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tnugquv/~3/ott4ofrnu70/ungrudging.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/toosobp/~3/7nekkw24q3u/christian.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tpcztvdwcee/~3/uutxraladjk/sergeantship.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tpxlu/~3/_sljn5xq9lg/insight.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tqlsyrdr/~3/8brtwrm4v3m/dither.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tqyqxvjoxt/~3/mbgfhldpwuk/subbed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tratbwfhbfj/~3/tmvojl5nfek/ideological.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/trhquhwlr/~3/4ncjbos4yk8/postage.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/trqoiv/~3/fr4jcc-eisu/mist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tsiezjb/~3/uz-jn_5rbl0/inkstand.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tszznxiku/~3/htssbk6x4vs/pithy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ttywmkydg/~3/7vincvwsb6i/caldron.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tuanbythuh/~3/bujbtf-cm1s/karakul.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tusgouw/~3/-hz6yajgg3k/endorse.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tvcknfhwnzl/~3/bo1japvn7to/perfunctory.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tvcystrum/~3/srlgy1u5ou0/cordon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tvnvmirmyo/~3/c2qnon95awo/embryologist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tvoolwcgks/~3/8sca-om7_-a/fertilization.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/txnsofecjhf/~3/2wpz9unjx1q/tearjerker.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/txtdwhcjf/~3/bhhmdqid6f0/icing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/txuznn/~3/1fwdze_n1tq/residing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tycliixs/~3/pwvtvrzgvyc/planner.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/tzkomecpvpb/~3/lz2-lro-c3e/tatter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uazxv/~3/j9aglj3gu54/computationally.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ubbysbsqqk/~3/jvtevupx1rs/page.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ubktrqqhbfl/~3/pxzxtuy6osa/undertaker.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ucxpm/~3/maexnbaxnhk/worshipper.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uddlmip/~3/nuj3d8h8mdw/unrefined.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/udgxtkeyx/~3/w9hwpgq8fz0/prepayment.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/udnzlb/~3/gacshtmoe94/hallucination.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/udxhtackret/~3/k8jtylqrq94/hitherto.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ueeaem/~3/2x1wd9nwrtu/ibuprofen.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uejhclpmrm/~3/y7_xvh3dyds/outgrowth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ufmdxkzua/~3/a7hb05s7ka4/epicurean.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ufwfmobd/~3/mfknym_hyns/courtage.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uhwrmkl/~3/2fcccncpmvo/antinomic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uiciia/~3/payfwvcak8o/shoddy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uikjxxjf/~3/qwzvyeefpoc/mire.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uiosfr/~3/jgajn60p-r4/universal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uivvrfjvrne/~3/r-u0nvrhqwq/incontinent.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ujcyydm/~3/qbrltfhyxsw/subculture.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ujktniubnxw/~3/ic9hyqy5z28/superstitions.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ukczkwxcf/~3/wrucipgn6de/equaliser.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ukvngumipv/~3/ndbyyjw_jmk/annette.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ulakojcewq/~3/rvi-kqbz2zs/emulation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ulcodvnc/~3/q9l2eddbsri/sowed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ulrbyu/~3/jueaxg0yyka/subphylum.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ulrqllcho/~3/rbvi414kys4/neatness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ulzpinxfev/~3/zxaotvsjrjw/blurt.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/unfhw/~3/i58esjnuodq/flora.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/untpggz/~3/57gd--l81ws/transaction.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/upnmtyodhe/~3/nctd7ymyvb8/sideline.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uqlcubmeup/~3/zy8anic1bvk/pressurizing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uqsuk/~3/5wsixtkwcaq/paste.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uqvitgbkoug/~3/2retsc0cybk/kilos.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/urbnhtdtsps/~3/imzha-vtugo/apreciative.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/urmillya/~3/hwpyzakkvjm/wardship.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/urxqgrn/~3/4baqddxaafa/cleft.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ushtizj/~3/yxksn7-iijw/snippiness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/utqvj/~3/lpvppfqyjk0/timpani.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uujgjdaijy/~3/7iki33dcoew/undo.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uujolgq/~3/jswo1kxumo8/polytheist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uuoqw/~3/zqzmu4dhdaa/scrubbing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uuytxzzozbt/~3/clfqwiue7vc/grace.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uvcppcytbdf/~3/uthocasjkbc/suited.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uvjpmc/~3/q_bnf_0dhys/talcum.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uvlicxijh/~3/5_jvtkba3tg/indulging.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uwcfatpz/~3/rcqdkj0bse4/skim.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uwgffmzw/~3/tadrpbu1das/consolation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uwmjyjb/~3/ar-8xrw6en4/episode.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uynmytvxqxf/~3/qvclypzrku0/ambitiously.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uywcgsdoosb/~3/mvmgyko5bis/latrine.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uzcamljpj/~3/4ruyomygfrq/promissory.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/uzrpo/~3/mbgfhldpwuk/subbed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vbhezbyhu/~3/4hpodogjat4/force.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vbwnuj/~3/cyvm5wp2jiy/despicable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vcrvu/~3/hugrtxlkf8s/subcontracted.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vdhovux/~3/zkrfz1rg6oa/popularize.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/veouxlnhf/~3/2byi4m77npw/adjudicator.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100006999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vgurnmgpac/~3/oop_wpwbcmm/born.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vhhac/~3/kpsrljpp4hg/mediation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vhrlmkbf/~3/onx8k0_3apc/pictured.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vhujczb/~3/4dxs12g3xom/associativity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/viakznvbbha/~3/0xun8h7zxok/dreamt.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vitgkewtk/~3/1h-d-vucqo0/fiche.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/viwaa/~3/guu00h2jsva/unprintable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vkduktn/~3/ekxyskcaht0/nonvoting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vkojqdabby/~3/om8agk8dtrm/unpaved.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vkptwy/~3/mtskx2bkuem/somersault.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vkqhmbnf/~3/hcyrp2fjdpo/huh.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vlcsy/~3/vxjwid8gn1g/routinely.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vlhlza/~3/i9ltmy_oidi/taut.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vmefn/~3/g6l7hq_upmq/bountiful.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vmjtujs/~3/tyimp5120ie/refining.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vmswyfrnr/~3/6geejoxvxeg/vestment.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vnvqs/~3/-ulzdogfyfs/thousandth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vobpwayhtzv/~3/rmtt3okj1ze/inky.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/volcduono/~3/rhdpi0qsbh4/promenading.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vorer/~3/6npigf9lyc0/easiest.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vpnjyqyku/~3/j-cg6lpnp0o/exceptation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vpvxbfm/~3/j4rqivgxwf4/root.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vqimy/~3/99s7cf3xbce/delayer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vrpciptg/~3/ktzureldryo/unanimity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vrriyntqrrd/~3/ggjpzcff3_a/assaulter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vrrsleekxw/~3/0qicpxwsnmg/humaneness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vrwaupgixon/~3/aiirurekzgs/smoothness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vsmltlh/~3/o3mq7yrb2ai/aftereffect.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vsrha/~3/b5zagxqsqv8/ghoulish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vszodorj/~3/6cz67u_e1_g/designer.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vudnpzryby/~3/xee-utreih8/wordless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vurykfeqr/~3/auljhbakh6w/devious.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vwrcr/~3/jo5iiqc7uk0/uaf.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vxeopbxoo/~3/jq8zcg1zpyy/tome.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/vypqvtxjzri/~3/ahlxptogzpw/insipient.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wabwofm/~3/gfhbee8fhxi/mice.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/waoqnpjwz/~3/tyqv2un3knk/abranchiate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wazhqx/~3/gr83ly9b0ki/plop.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wbowsbchg/~3/e_bqu0h4r2u/silentness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wdactp/~3/5j3itvoezlu/disgrace.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wddeeep/~3/srlgy1u5ou0/cordon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wdloac/~3/hz4hdcowf2u/peace.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wearrloldeg/~3/_z-0wnxyf9y/facility.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wektjyirw/~3/ozp8xzlwdjm/tawdry.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wevrmznxj/~3/-jghus6iouk/shaman.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wezrmwlhrm/~3/66dgfzv48ym/incubate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wfcvtfaqotn/~3/n4tlyz0zraw/aeronaut.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wfpby/~3/kac3w53zw1a/animator.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wfvlr/~3/ypssheesdre/jobless.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wfzhs/~3/mdqd_vvlsnw/abbreviate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wgljoaifngg/~3/p1pwapjhy-u/decamp.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wgmivtmt/~3/kwmrbmi9nz4/pep.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wgqwrvib/~3/hcyrp2fjdpo/huh.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wjbfoolp/~3/5sgrcu-9yg8/dig.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wjbuajo/~3/cuu1wjytxuk/unselfish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wjffib/~3/em9llko7c1w/unleash.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wjkekoxeubf/~3/rmybedjq544/potting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wjnokqpipng/~3/udsmvyjg1mq/melancholia.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wjrvako/~3/axbjsq0bjto/philter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wkccuehxb/~3/e9s55n1ke_k/could.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wkufpgoehc/~3/omm2poi4en0/pragmatism.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wlokozwgv/~3/wsk4arrnjzm/supplant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wlqaemog/~3/hqcvaborqtm/uncase.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wmemro/~3/pnaa9pbfgac/bermuda.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wmklnymjzx/~3/itt__wyzbna/tenacity.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wncnpmddnq/~3/olhetet-bbs/do.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wpfdlw/~3/nqcxtds5yic/brutally.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wqadspddd/~3/68k5vgzvlca/tricorn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wqfkis/~3/zqzmu4dhdaa/scrubbing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wqzku/~3/nqcxtds5yic/brutally.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wtfftdhkr/~3/zhhashh38za/disfigured.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wtmeu/~3/ujsvo8vub_a/engagement.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wtzbjr/~3/d8ffqgdmmea/humor.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wuhfax/~3/c53ecbtfjq8/touchstone.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wvyltkbsvki/~3/2dn9uqzowis/overshoot.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wwoukryuv/~3/l_ercsoumye/tribit.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wxbddix/~3/zruase1oaq4/unclasp.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wxibgzsllnm/~3/fxf-ajnki6y/hellish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wxipbnv/~3/idvedqx6_bs/astronomy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wymyoykyny/~3/beaj5_7te4a/suppression.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wyrvqw/~3/k-ooa2lqteq/lee.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wyshhq/~3/3aoi4mj_wwi/triplication.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wyycwtzq/~3/5ielfxvqyys/nominated.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wzcze/~3/5tvdo6lqfji/nearly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/wzxypaqx/~3/vlqiho1snu8/ltd.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xaqvmphke/~3/hwnr0fxfk6g/peck.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xazdczerd/~3/oae5o2lxrqs/usual.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xbgxojqzi/~3/kbvec6fi6tk/seamingly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xceiowmsof/~3/eyuajyupyts/postings.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xekpfxyszl/~3/m_jmapobf1e/cataleptic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xepzbj/~3/wkxqpkz72fe/stradivari.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xewwqxke/~3/tspm7j_dw7i/corinth.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xffjeqp/~3/5tvdo6lqfji/nearly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xfnughhlxza/~3/fky7x2dlhki/colossal.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xgenhyhvi/~3/tptqfbszeni/subdeb.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xgqjdpr/~3/6sy25epgjui/dross.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xgtsn/~3/dcufoc1awcm/pictorial.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xgxrvczazqg/~3/9fxjolqxf8s/john.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xhtshxkriez/~3/jrewnuhy1sm/exclusive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xizcochfoh/~3/2dn9uqzowis/overshoot.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xjmtdny/~3/1tsz4smx-h0/mastiff.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xjrhdu/~3/lvv_nppc_0g/podia.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xkhaue/~3/nt6sogzlmsy/doggedness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xkksvt/~3/sb2j-2ly-ei/allure.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xkugdeyl/~3/rhdpi0qsbh4/promenading.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xldxyskcsfr/~3/atii0lytrru/participating.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xlwemvhmfnf/~3/mkcosehshte/reassert.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xmlkgh/~3/yznkqvey69m/shapelessness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xnglrzquv/~3/b31arncnsr0/shock.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xnmxskq/~3/16xtctyhmwu/crossover.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xnngkgle/~3/ntglyj8ewo0/devilish.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xnqvqoerv/~3/kuszhgzwq5w/being.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xotzrueq/~3/pxt3bi6ua1q/bewilder.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xowub/~3/msz5ikaqcoo/platter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xoxmcwlcma/~3/gqvq9bg24p8/abashed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xpdmkgxxri/~3/dokdounbgyo/weakened.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xpiaqcvbqc/~3/bujbtf-cm1s/karakul.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xptfqfitqx/~3/yfltwjd0ors/usurpation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xpzoavxhmej/~3/umb0k18sdtw/banking.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xrlam/~3/t3c6hqoe7z0/ratter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xtwoytbcll/~3/osaabfrcrpi/lure.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xuyvjolljg/~3/rskdjbk34dw/bestiality.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xvcxhesoktk/~3/5kjxtllgwio/frozen.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xvqinkjxj/~3/j2xm8lt5hrk/underpin.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xwcpqbgg/~3/2anr8nnb-5c/stewardess.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xwknw/~3/pvrps1e4j84/magnetron.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xwwgcwgufvj/~3/tiucnyhw3ay/quicken.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xyfknbts/~3/zryixr7wt9o/ufo.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xzeymvpkpg/~3/s668ceoaanm/stored.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xzluwuoc/~3/qvclypzrku0/ambitiously.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xzplmq/~3/t1h4uxthfcg/forego.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xzvqfrizrf/~3/qfc_wdislpq/customization.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xzxkqnk/~3/btgfwegkg8o/repacking.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xzyfnmovv/~3/kzxvq53gmeo/late.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/xzzmcnt/~3/n78kouftiaa/nightclothes.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yakjl/~3/x9abxta23w4/african.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yarbd/~3/2we1k37aevi/weighmaster.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ybdpzsmdfre/~3/kbvcbc9pimg/potentially.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ybdrfthofl/~3/eie4do3f31g/guardian.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ybwtgcsjei/~3/zqhp4ybkd1a/dyadic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yciiv/~3/e48dhjq7tfs/lyrics.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ycmqq/~3/7jtg_atrnmy/functionary.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ycpnbkh/~3/vnzbliaxsm4/siltation.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ydqtmues/~3/rsjonxp69n4/foghorn.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ydroefuvr/~3/5yvehub0ywy/fad.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ydxhm/~3/xriwhemsalw/multiple.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yfnwenbojxo/~3/48u688hzcos/warmheartedness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yfzaxotrl/~3/gus55-sr184/pogrom.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yhemixjbww/~3/o2opbicn8_i/platter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yhyunalg/~3/j-kuibsmu5q/preeminence.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yigoyqiy/~3/3av6s_js28q/pachuco.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yisaxqiz/~3/omqhsqvq6kq/saloon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yiyrdtkyzru/~3/wyneumhdyk4/abatements.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yjmnu/~3/r6sbklhuepe/elegiacs.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ykdxxgdwics/~3/mutz25aaf4w/extortionist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yknjajffk/~3/k-ayfpf07so/preliminaries.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yktkxp/~3/ijkfuolaioq/stub.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ylhgrxjknu/~3/2eiuztsfl2o/yoke.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ylvjkhj/~3/c0ojk6s21x4/brotherhood.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ylwldhnqep/~3/jcv4uhjybxq/subdivider.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ymkci/~3/ftrjtexwhe8/inevitable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ymngfk/~3/dkx0hr3zkl4/thorny.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ymxhkiwte/~3/1824uoeilb0/subs.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ynhgl/~3/_avlwc1f--c/haphazard.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ynwht/~3/8wf4-ctmqbe/obeisance.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yoinbqlh/~3/svxokyfqtiq/chameleon.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yokkcqutj/~3/2kftwx4wrkm/polymerizable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yolbyoi/~3/lb2ujanzhfy/logoff.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yopcfviat/~3/i0mdfdc9kcm/distance.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ypijvja/~3/n7p1xq5lpvk/interactive.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ypqximoztp/~3/jlzm-6sepxo/camel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yptltdeun/~3/ke-x3h3xcvk/correctable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yqdjodz/~3/afwbavswkha/smothering.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yqvffvw/~3/5sgrcu-9yg8/dig.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yrhisgkqcun/~3/o06l2zfwnvk/imperialist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yrkajpyigl/~3/ahlxptogzpw/insipient.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yrkobogjvrb/~3/akkhncoocfa/bracing.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yrwfgiexn/~3/n71bbcagvbm/confessedly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ysbdk/~3/0qyhmubhvzs/impede.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yscrcg/~3/s2rxd4uqmze/hilt.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ysgxgx/~3/tscwnmkx6u4/aggrandizement.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ysyrkcw/~3/ar_lxrzyfu0/humanely.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ytxgoq/~3/k-ayfpf07so/preliminaries.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yulkf/~3/tfwfu4nvxh4/acerbated.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yurknzwr/~3/4qzdo7xispe/index.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yvwrbcoz/~3/0n041kqw8_q/aerodrome.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ywrqysdkj/~3/xtkmyosx1mo/cosmodrome.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ywsbyovqzgp/~3/drryer6mx1c/tyrannical.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ywvhqumv/~3/phwnqqoq0xw/arrant.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yxmlun/~3/lzwbmcnmdkk/unreel.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yxpzz/~3/ehx-ll6obd4/shag.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yybgxeip/~3/gl9ysgsvk-i/wapitis.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yyehyxoqcgn/~3/xrld-ukvysm/filter.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yyhggxr/~3/0wliftlxi1c/greeting.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yyqshgi/~3/n-lsxkyhtg8/impolitic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yznnpbxfepc/~3/fctcwfv-2d0/semitic.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/yztstcyy/~3/gpyxirhiyho/sceptron.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zbxaoxmct/~3/n4c5sohehso/stroked.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zdsyvm/~3/bx9i9b_fkw4/ersatz.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zgeglqwykm/~3/whnci78ezpu/ponytail.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zgfassbutyx/~3/ialrhxv5kmm/sprint.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zgobulsu/~3/ltjxud3fcam/tuneups.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zhlflssku/~3/pbtc8zwjygm/livable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zhulf/~3/p-7h-cvcxmy/adenoid.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zhzeur/~3/ycoyht40jxg/antipathy.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zibfysgypj/~3/pgerdpduv6c/swampiness.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zjtsnfekbw/~3/lzomlatfnaq/en.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zkooyprm/~3/rymgivlri2m/rescue.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zmjkz/~3/c7ftj19xgcy/intourist.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zmromnhqi/~3/yjjv0mm5lyc/earlier.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/znskjppab/~3/gag-yshhijk/climate.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/znwsgjatnmp/~3/o-k0vb56ply/indefeasible.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zocad/~3/l1w29j3t6d4/crisis.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zognyst/~3/bbtj5onljco/tieback.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zozifiidux/~3/e48dhjq7tfs/lyrics.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zoziqddzgt/~3/swlho3snq0y/chickadee.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zpgzp/~3/wnt3x3epx-g/dote.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zpktvirikqe/~3/zxsw7gbvpjq/signifying.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zpncxs/~3/gebudwwz5vc/astraddle.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zqdxmk/~3/-rnwullq5na/demonstrator.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zqqqfelfbn/~3/brnvvgditba/insular.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zrfrh/~3/2pkj8cwgvd0/faction.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zrvbl/~3/m4yefehqtjy/atheism.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zsfegqcscyh/~3/pdyuko1qfyc/irreplaceable.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ztcfmvb/~3/iszfzls5nvy/conical.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/ztywc/~3/jvd_-55ruym/superhighway.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zuudhaxay/~3/1_vtujdqexq/absurd.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zuxysxqlu/~3/xgwwcmlezqw/slumberously.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zvgts/~3/bfdaicpppvs/detach.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zvkznzgvmjh/~3/5cannht5d4e/addressor.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zwjsgvcf/~3/skhvmcl9pqq/switchboard.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zxfkmzdj/~3/duw6xo-tbmk/vitally.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zxgrp/~3/twy2hgfeuhq/whispered.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zxihnagniy/~3/ujsvo8vub_a/engagement.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zyegqq/~3/o1awmqadtfg/portend.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zyprce/~3/i4rd0ltkfyg/mousetrap.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zywwxqx/~3/syue6wuspgo/scribed.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/~r/zzgcsm/~3/8txulnx7e9e/mildly.php"; endswith; nocase; http.host; content:"feedproxy.google.com"; classtype:trojan-activity; sid:100007237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdm/latest/flashplayer_install_cn_fc.exe"; endswith; nocase; http.host; content:"flash.cn"; classtype:trojan-activity; sid:100007238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamme1020031/7f8afdef02118d68a66896f35edfd143/raw/12e0ab2177636791347799435ae18e85522aafc7/link.jpg"; endswith; nocase; http.host; content:"gist.githubusercontent.com"; classtype:trojan-activity; sid:100007239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatibus-accusantium/ad.zip"; endswith; nocase; http.host; content:"greenhillsacademy.org"; classtype:trojan-activity; sid:100007240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatibus-accusantium/autem.zip"; endswith; nocase; http.host; content:"greenhillsacademy.org"; classtype:trojan-activity; sid:100007241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatibus-accusantium/documents.zip"; endswith; nocase; http.host; content:"greenhillsacademy.org"; classtype:trojan-activity; sid:100007242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatibus-accusantium/eius.zip"; endswith; nocase; http.host; content:"greenhillsacademy.org"; classtype:trojan-activity; sid:100007243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatibus-accusantium/laudantium.zip"; endswith; nocase; http.host; content:"greenhillsacademy.org"; classtype:trojan-activity; sid:100007244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voluptatibus-accusantium/minus.zip"; endswith; nocase; http.host; content:"greenhillsacademy.org"; classtype:trojan-activity; sid:100007245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; endswith; nocase; http.host; content:"jointings.org"; classtype:trojan-activity; sid:100007246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; endswith; nocase; http.host; content:"jointings.org"; classtype:trojan-activity; sid:100007247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; endswith; nocase; http.host; content:"jointings.org"; classtype:trojan-activity; sid:100007248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quis-rerum/documents.zip"; endswith; nocase; http.host; content:"kino-moon.info"; classtype:trojan-activity; sid:100007249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/affiliate/kuaizip_setup_10029.exe"; endswith; nocase; http.host; content:"kuaizip.com"; classtype:trojan-activity; sid:100007250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k/big5/1giof6/"; endswith; nocase; http.host; content:"minpic.de"; classtype:trojan-activity; sid:100007251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/at.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/documents.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/et.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/fugiat.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/fugit.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/pariatur.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/qui.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occaecati-qui/sed.zip"; endswith; nocase; http.host; content:"neonluzz.com"; classtype:trojan-activity; sid:100007259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yws/api/personal/file/web3a243b322cf83ca7cae587a92916bac7?method=download&inline=true&sharekey=649ac0bb5d5b13d15cbf50b2609e193a"; endswith; nocase; http.host; content:"note.youdao.com"; classtype:trojan-activity; sid:100007260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?%20cid=69562cebc8e9a844&resid=69562cebc8e9a844!10795&authkey=apaxxegx9yd235k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?%20cid=69562cebc8e9a844&resid=69562cebc8e9a844!10796&authkey=acwf4ozbldq-phy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?%20cid=69562cebc8e9a844&resid=69562cebc8e9a844%2110795&authkey=apaxxegx9yd235k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?%20cid=69562cebc8e9a844&resid=69562cebc8e9a844%2110796&authkey=acwf4ozbldq-phy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?&resid=81445407a9f44d37!197&authkey=apuz15kftzlrysa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?&resid=81445407a9f44d37!198&authkey=ags5rgb15_esaqq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?&resid=b4c15a27928f663b!229&authkey=aiarm61fwmd_npe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?&resid=b4c15a27928f663b!230&authkey=ancu1eabetiubzg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?&resid=b4c15a27928f663b!231&authkey=ai9h3sk_luxran0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?&resid=c127f9e0fb7cbbea!214&authkey=aat73nvghhjdr9g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?authkey=adf5p_kn8rjf29y&cid=34224e3e49966a27&resid=34224e3e49966a27%211732"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=013413cfbbbcfae4&resid=13413cfbbbcfae4%211656&authkey=ai9wpcp_k9okgk4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0153c2a7092ee91c&resid=153c2a7092ee91c!111&authkey=aemrwamaaaiyyjc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0153c2a7092ee91c&resid=153c2a7092ee91c%21111&authkey=aemrwamaaaiyyjc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0175cdbe2d2944c5&resid=175cdbe2d2944c5%21107&authkey=al6uptubjmmugo0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=01f191d863b4d5a4&resid=1f191d863b4d5a4!157&authkey=aagcsm7chqez6uu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=01f191d863b4d5a4&resid=1f191d863b4d5a4!158&authkey=amsoii5nr6pomhc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=01f191d863b4d5a4&resid=1f191d863b4d5a4%21157&authkey=aagcsm7chqez6uu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=01f191d863b4d5a4&resid=1f191d863b4d5a4%21158&authkey=amsoii5nr6pomhc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=02e98840a4c9fd6c&resid=2e98840a4c9fd6c%211177&authkey=am0i98nwgvzgqvq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=02e98840a4c9fd6c&resid=2e98840a4c9fd6c%211183&authkey=anv33trmzmi5cko"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0319bb40eba80dcc&resid=319bb40eba80dcc%21110&authkey=ag8bs48lq9n-piw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0449719462e7e07b&resid=449719462e7e07b!1335&authkey=aayibsgf5_o4cfs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0449719462e7e07b&resid=449719462e7e07b!1338&authkey=adszlsldn3ohxwu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0449719462e7e07b&resid=449719462e7e07b%211338&authkey=adszlsldn3ohxwu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=045adcdfe91be4f5&resid=45adcdfe91be4f5%21318&authkey=aa6lutarluhyj48"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0489c74de4facb30&resid=489c74de4facb30!109&authkey=ajo32arrzl_vwdq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=062a585e433edce3&resid=62a585e433edce3%211618&authkey=ahzfppat_uettfg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=087f57dcf1bd61bc&resid=87f57dcf1bd61bc!113&authkey=ap0wsc-rsiegllw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=08c99a25df0f51c5&resid=8c99a25df0f51c5!198&authkey=amzashahr2ley9q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=08c99a25df0f51c5&resid=8c99a25df0f51c5%21198&authkey=amzashahr2ley9q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=09629e9967c87661&resid=9629e9967c87661%21148&authkey=aoymksies-dflr4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=09eebe7829f6351d&resid=9eebe7829f6351d%21827&authkey=amysfuvfuc5jezq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209!106&authkey=ae_luu1wuw5owaa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209!113&authkey=ajrvfkktzqxvrwy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209!114&authkey=aanzorfukgn2ejq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209!115&authkey=aoogdgss6oq2ema"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209!116&authkey=afnhvtggfwkwygu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209%21106&authkey=ae_luu1wuw5owaa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209%21113&authkey=ajrvfkktzqxvrwy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209%21114&authkey=aanzorfukgn2ejq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0a84be42ccedb209&resid=a84be42ccedb209%21115&authkey=aoogdgss6oq2ema"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0b476d68a3403083&resid=b476d68a3403083%21206&authkey=alcn68_ws-fhk4i"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0d59c202e35694c2&resid=d59c202e35694c2!273&authkey=ae2m69e5nu3rrea"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0d59c202e35694c2&resid=d59c202e35694c2!274&authkey=acqg0akutoxdpgo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0d59c202e35694c2&resid=d59c202e35694c2%21273&authkey=ae2m69e5nu3rrea"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0d59c202e35694c2&resid=d59c202e35694c2%21274&authkey=acqg0akutoxdpgo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0f0a5aadc4c3c242&resid=f0a5aadc4c3c242!309&authkey=alfe36drai1zmwc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0f0a5aadc4c3c242&resid=f0a5aadc4c3c242%21309&authkey=alfe36drai1zmwc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0f51d04c9d556964&resid=f51d04c9d556964%21123&authkey=aco5hiwppfq8vrw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=0f51d04c9d556964&resid=f51d04c9d556964%21124&authkey=ai6sfa2z-kqf6x0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=125290ca4dc682c9&resid=125290ca4dc682c9%21452&authkey=afdp5rurqhdqa2a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=13b301f1cb48f8cd&resid=13b301f1cb48f8cd%21106&authkey=aiae3olcs4lulz4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=165468846f076ee7&resid=165468846f076ee7!118&authkey=antash3ig98aqte"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=165468846f076ee7&resid=165468846f076ee7%21118&authkey=antash3ig98aqte"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=174a158b69387a7e&resid=174a158b69387a7e!348&authkey=ahnjoxa4ufoxa54"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=174a158b69387a7e&resid=174a158b69387a7e%21348&authkey=ahnjoxa4ufoxa54"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=174c8f18de0ea9ad&resid=174c8f18de0ea9ad%21195&authkey=accfhr51m17nsmu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=174c8f18de0ea9ad&resid=174c8f18de0ea9ad%21197&authkey=acglfn1jo7crduk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=18418adacefed6e2&resid=18418adacefed6e2!126&authkey=ad4yflrisq6d82g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=18418adacefed6e2&resid=18418adacefed6e2!129&authkey=apqoonsrce0ari4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=18418adacefed6e2&resid=18418adacefed6e2%21126&authkey=ad4yflrisq6d82g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=18418adacefed6e2&resid=18418adacefed6e2%21129&authkey=apqoonsrce0ari4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!107&authkey=afyhyu48qyeocqe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!110&authkey=ajv93svfnyetgku"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!116&authkey=ag5bv16wun5vjys"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!118&authkey=ajorbpugzhia4gw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!122&authkey=ag4u9lnuer0w0sy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!129&authkey=agvuctd5xtxwb6a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!130&authkey=aactwvd3_ng0gcy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!131&authkey=akoyasfnjcyebwq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!132&authkey=aljbshed7sqgscg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!137&authkey=anpjqezrfuxnzx8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!140&authkey=absvrqvfpzxwwew"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!141&authkey=aocgl91hb-mb-qm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e!144&authkey=afjzi-5yuaiw6mu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21107&authkey=afyhyu48qyeocqe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21110&authkey=ajv93svfnyetgku"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21111&authkey=afn7prpmegrhfce"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21112&authkey=aopuce2kir8nw0i"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21116&authkey=ag5bv16wun5vjys"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21118&authkey=ajorbpugzhia4gw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21122&authkey=ag4u9lnuer0w0sy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21129&authkey=agvuctd5xtxwb6a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21130&authkey=aactwvd3_ng0gcy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21131&authkey=akoyasfnjcyebwq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21132&authkey=aljbshed7sqgscg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21134&authkey=akwnksybfyjzwiu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21137&authkey=anpjqezrfuxnzx8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21140&authkey=absvrqvfpzxwwew"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21141&authkey=aocgl91hb-mb-qm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=19059128a4af613e&resid=19059128a4af613e%21144&authkey=afjzi-5yuaiw6mu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a162e8fcaaef5fa&resid=1a162e8fcaaef5fa%215495&authkey=aic7rmj1cm3rt2w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!106&authkey=ad2zzae6xvvvgke"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!108&authkey=aatey8nyxijopyk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!111&authkey=aj1boygplpmeeci"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!112&authkey=aamoh0ly6d5yfvm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!113&authkey=adcwhapjyxij0bk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!114&authkey=ahgpbokpyuforhe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!115&authkey=ajxqmsddone1qrw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!116&authkey=aocxv_q08ek9imy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!117&authkey=aeasi9ph-qkw5ig"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!118&authkey=al55l2hriznei_s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!119&authkey=aely4srfev1zgm0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!121&authkey=acci5wf7fglwiu0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090!124&authkey=alpqoq5uuy5ihgc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21106&authkey=ad2zzae6xvvvgke"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21108&authkey=aatey8nyxijopyk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21110&authkey=adsyis9woytmzvg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21111&authkey=aj1boygplpmeeci"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21112&authkey=aamoh0ly6d5yfvm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21113&authkey=adcwhapjyxij0bk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21114&authkey=ahgpbokpyuforhe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21115&authkey=ajxqmsddone1qrw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21116&authkey=aocxv_q08ek9imy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21117&authkey=aeasi9ph-qkw5ig"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21118&authkey=al55l2hriznei_s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21119&authkey=aely4srfev1zgm0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21121&authkey=acci5wf7fglwiu0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1a2a08711a124090&resid=1a2a08711a124090%21124&authkey=alpqoq5uuy5ihgc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1c14977b48a91558&resid=1c14977b48a91558!8182&authkey=aautw8tvzxr5v3a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1c14977b48a91558&resid=1c14977b48a91558%218182&authkey=aautw8tvzxr5v3a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dbdf62bc3c2b05b&resid=1dbdf62bc3c2b05b!134&authkey=ape6bhxn7c89z60"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!107&authkey=ajypjmbx_a4v9h0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!110&authkey=af1oqvfhbn-io8a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!111&authkey=adpwqyfa9lepeb4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!112&authkey=af5p1ceesa2682o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!113&authkey=afpl2eqnu4v0220"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!116&authkey=anxabrspd5sdxla"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!121&authkey=ajtlyerrsap3izu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!124&authkey=af1mmk-xffyzp20"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!126&authkey=aghb6imi6wmtbuc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!130&authkey=achzhnyxghgxsvu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!132&authkey=ad5bjzljx2uqqho"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!135&authkey=abbiwvut41j7y40"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!137&authkey=amx7udlxkl0q7ei"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!138&authkey=amubxxsbek_y6pg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!140&authkey=aniog0tbprmsd0k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb!141&authkey=acfnkjmmlhlr6rm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21107&authkey=ajypjmbx_a4v9h0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21110&authkey=af1oqvfhbn-io8a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21111&authkey=adpwqyfa9lepeb4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21112&authkey=af5p1ceesa2682o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21113&authkey=afpl2eqnu4v0220"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21116&authkey=anxabrspd5sdxla"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21121&authkey=ajtlyerrsap3izu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21124&authkey=af1mmk-xffyzp20"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21126&authkey=aghb6imi6wmtbuc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21130&authkey=achzhnyxghgxsvu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21132&authkey=ad5bjzljx2uqqho"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21135&authkey=abbiwvut41j7y40"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21137&authkey=amx7udlxkl0q7ei"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21138&authkey=amubxxsbek_y6pg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21140&authkey=aniog0tbprmsd0k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1dd60d2a386439eb&resid=1dd60d2a386439eb%21141&authkey=acfnkjmmlhlr6rm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=1f48501ee4e8735a&resid=1f48501ee4e8735a%215268&authkey=advgihzjzelvkdg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=208dce306fa91736&resid=208dce306fa91736%21184&authkey=ae6l_lmeqbcwqs4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=208dce306fa91736&resid=208dce306fa91736%21185&authkey=abpinbsiqu9kj0c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=23423a594eafc2de&resid=23423a594eafc2de%21130&authkey=aeh1dm0c-5hp44a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=24ef9e675b079af9&resid=24ef9e675b079af9%21154&authkey=alkjikpdfxvm8po"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=24ef9e675b079af9&resid=24ef9e675b079af9%21155&authkey=afu-yax_gxxddoe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=24ef9e675b079af9&resid=24ef9e675b079af9%21156&authkey=alqvv8nixrvsqrk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=25288a421991d52c&resid=25288a421991d52c%211553&authkey=acw1z0sjljf_rwq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=265daf943be0d06f&resid=265daf943be0d06f!191&authkey=ajvumpkzpla_nca"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=265daf943be0d06f&resid=265daf943be0d06f%21191&authkey=ajvumpkzpla_nca"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=26bbd7d5ad88dd29&resid=26bbd7d5ad88dd29%21115&authkey=acipfa3gbiqqcvu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=26f87316a7e32bb5&resid=26f87316a7e32bb5%21106&authkey=aepqo5hlkxn1t1k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2831401bbac0235e&resid=2831401bbac0235e%211037&authkey=aagnkp6l76yhrlo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2968c371f5450503&resid=2968c371f5450503!122&authkey=aaqhhxbnwfwrz28"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2968c371f5450503&resid=2968c371f5450503%21122&authkey=aaqhhxbnwfwrz28"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2c1abc526306a6e1&resid=2c1abc526306a6e1%21106&authkey=adjthwhvjkbioc0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2c38c37ed8430789&resid=2c38c37ed8430789%21109&authkey=aopcxq3owfiv620"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2c38c37ed8430789&resid=2c38c37ed8430789%21114&authkey=ajzoj0ujggsnxlo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2c38c37ed8430789&resid=2c38c37ed8430789%21115&authkey=aglznnsx71tbe9e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2cbd310015bc2d37&resid=2cbd310015bc2d37!183&authkey=akon9i9zzhusiuk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2cbd310015bc2d37&resid=2cbd310015bc2d37%21183&authkey=akon9i9zzhusiuk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2cc133e5e8e9b372&resid=2cc133e5e8e9b372%21129&authkey=afewmy81vpxgidg&em=2"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2f4d6884e933cb1a&resid=2f4d6884e933cb1a!116&authkey=!abwledjhfsqwap4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2f4d6884e933cb1a&resid=2f4d6884e933cb1a!121&authkey=!aa0qbuuss-wb13w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2f947402293c14c1&resid=2f947402293c14c1!119&authkey=apmakx2cqb9rimu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2f947402293c14c1&resid=2f947402293c14c1%21118&authkey=acrl2iiem-zjer8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2f947402293c14c1&resid=2f947402293c14c1%21119&authkey=apmakx2cqb9rimu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=2ffaa48ef4bec51a&resid=2ffaa48ef4bec51a%21107&authkey=aiohrvrc3uuo_cw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=30d775d2cfa6e2fc&resid=30d775d2cfa6e2fc%21291&authkey=ah0cpc4rbrlfr-q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3112e77688f09693&resid=3112e77688f09693!320&authkey=aooujzuf408dclw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3112e77688f09693&resid=3112e77688f09693!321&authkey=almpxnbtsbzauna"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3112e77688f09693&resid=3112e77688f09693%21320&authkey=aooujzuf408dclw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3112e77688f09693&resid=3112e77688f09693%21321&authkey=almpxnbtsbzauna"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3164ddeba70d2263&resid=3164ddeba70d2263%21106&authkey=afkvqrm4zoor8qq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=31771958ea3373a1&resid=31771958ea3373a1%21108&authkey=aiofxduo9rdb_-o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=34207675f7506d94&resid=34207675f7506d94%21137&authkey=angxnhqpe2x5koc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3447601ab357f8c1&resid=3447601ab357f8c1!114&authkey=aitwerxd-t2cxl0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3541c4a292f61866&resid=3541c4a292f61866!107&authkey=af08d9zk1yestqa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3541c4a292f61866&resid=3541c4a292f61866%21107&authkey=af08d9zk1yestqa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3674d56d2003f59c&resid=3674d56d2003f59c!139&authkey=ap4bbakgkikau-a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=36f253758422a984&resid=36f253758422a984%21402&authkey=anpud5xyjui5kio"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3892a0364cb5da65&resid=3892a0364cb5da65!152&authkey=am09sv26njxzyn0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3892a0364cb5da65&resid=3892a0364cb5da65!153&authkey=ajs0jkoeqkqjrze"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3892a0364cb5da65&resid=3892a0364cb5da65%21152&authkey=am09sv26njxzyn0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3892a0364cb5da65&resid=3892a0364cb5da65%21153&authkey=ajs0jkoeqkqjrze"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3a1715e2cb964f25&resid=3a1715e2cb964f25%213713&authkey=aortxmfnibnoqkk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3a958b25c1f9cd29&resid=3a958b25c1f9cd29%21132&authkey=aixaigjy3zgpzr0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3a958b25c1f9cd29&resid=3a958b25c1f9cd29%21133&authkey=anv6mg4elqi_8ty"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3a958b25c1f9cd29&resid=3a958b25c1f9cd29%21136&authkey=aoqnciagsnzqpaw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3a958b25c1f9cd29&resid=3a958b25c1f9cd29%21141&authkey=aapemy-rbpfkm5w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007465; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3bcd34d8ac2d7789&resid=3bcd34d8ac2d7789%21432&authkey=aa_npsupyqb2kge"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007466; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3bcd34d8ac2d7789&resid=3bcd34d8ac2d7789%21435&authkey=admsjhgpkbtcqzs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007467; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3c3232f304e9ac27&resid=3c3232f304e9ac27%219093&authkey=agtnyigpkfv1x6k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007468; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3f2905efa1c7ac3f&resid=3f2905efa1c7ac3f!154&authkey=aasj15d0g_p2pog"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007469; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=3f2905efa1c7ac3f&resid=3f2905efa1c7ac3f%21154&authkey=aasj15d0g_p2pog"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007470; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4000200b3fb8c24f&resid=4000200b3fb8c24f!134&authkey=aaipzy8nllirlky"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007471; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4000200b3fb8c24f&resid=4000200b3fb8c24f%21134&authkey=aaipzy8nllirlky"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007472; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4126f108980f52bc&resid=4126f108980f52bc%21105&authkey=amsklypwskcidbe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007473; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4126f108980f52bc&resid=4126f108980f52bc%21109&authkey=aa2-otufhc5pu-e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007474; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!107&authkey=aaoycxkmd1m-c-m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007475; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!108&authkey=alv5vrcjgfvplcw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007476; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!114&authkey=aext2zvfta7re9c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007477; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!115&authkey=anzhxnt-bbcijuq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007478; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!117&authkey=al4fe5bqzyx7nqo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007479; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!120&authkey=aj9btxldixqr4by"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007480; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!122&authkey=aec1z_ivoo6ymn0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007481; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!129&authkey=aawwgqermizq1du"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007482; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!130&authkey=ajhprwm_ou-hfke"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007483; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!133&authkey=acao__1jo32l0es"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007484; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!136&authkey=ad2f2z7e3-whe2i"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007485; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!137&authkey=anhyd5byidcgymk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007486; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!140&authkey=am6rbwcihsjhns4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007487; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!141&authkey=ai8rpm1cfw8erva"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007488; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!144&authkey=ahdirwrv3dmpc6e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007489; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5!145&authkey=adjxa2f9la575oc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007490; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21107&authkey=aaoycxkmd1m-c-m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007491; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21108&authkey=alv5vrcjgfvplcw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007492; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21114&authkey=aext2zvfta7re9c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007493; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21115&authkey=anzhxnt-bbcijuq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007494; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21117&authkey=al4fe5bqzyx7nqo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007495; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21120&authkey=aj9btxldixqr4by"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007496; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21122&authkey=aec1z_ivoo6ymn0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007497; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21129&authkey=aawwgqermizq1du"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007498; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21130&authkey=ajhprwm_ou-hfke"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007499; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21133&authkey=acao__1jo32l0es"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007500; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21136&authkey=ad2f2z7e3-whe2i"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007501; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21137&authkey=anhyd5byidcgymk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007502; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21140&authkey=am6rbwcihsjhns4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007503; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21141&authkey=ai8rpm1cfw8erva"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007504; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21144&authkey=ahdirwrv3dmpc6e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007505; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=42c7748b5e266cc5&resid=42c7748b5e266cc5%21145&authkey=adjxa2f9la575oc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007506; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=43de2034c4a02269&resid=43de2034c4a02269%211762&authkey=aguxzaszq3hzar4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007507; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=44d422e98133708b&resid=44d422e98133708b%21108&authkey=akr9cesktucbqik"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007508; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=44d422e98133708b&resid=44d422e98133708b%21109&authkey=adzxmpjk-etbkjq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007509; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=45f0213456d899c0&resid=45f0213456d899c0%211133&authkey=alwgkm79xod8hpy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007510; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=46502a2c71554588&resid=46502a2c71554588!143&authkey=airoopqogitlz2a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007511; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=46502a2c71554588&resid=46502a2c71554588!145&authkey=ajogqfyetrzpgga"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007512; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=46502a2c71554588&resid=46502a2c71554588%21143&authkey=airoopqogitlz2a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007513; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=46502a2c71554588&resid=46502a2c71554588%21145&authkey=ajogqfyetrzpgga"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007514; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4697057c65b5346f&resid=4697057c65b5346f%21535&authkey=ajvr-t0cl7x_die"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007515; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4697057c65b5346f&resid=4697057c65b5346f%21539&authkey=amy6ch3k70hives"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007516; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4697057c65b5346f&resid=4697057c65b5346f%21544&authkey=aee_ocvd2ysfsuo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007517; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=470febb155be50fa&resid=470febb155be50fa!450&authkey=ahw0j-cme0jg6pw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007518; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=470febb155be50fa&resid=470febb155be50fa%21450&authkey=ahw0j-cme0jg6pw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007519; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=48772b66ecc4f214&resid=48772b66ecc4f214%218972&authkey=acedq6fjveu0njm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007520; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=48772b66ecc4f214&resid=48772b66ecc4f214%218979&authkey=al8jcxfipyahgko"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007521; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=48ed7695f8804d66&resid=48ed7695f8804d66!13805&authkey=ae-zbfo2uwln_gg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007522; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=48ed7695f8804d66&resid=48ed7695f8804d66!13806&authkey=aakiq-ymrjjodns"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007523; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=48ed7695f8804d66&resid=48ed7695f8804d66%2113805&authkey=ae-zbfo2uwln_gg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007524; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=48ed7695f8804d66&resid=48ed7695f8804d66%2113806&authkey=aakiq-ymrjjodns"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007525; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4b676ea3ff139b93&resid=4b676ea3ff139b93!133&authkey=amfix63glytflgo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007526; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4d4d07581d39b63d&resid=4d4d07581d39b63d%21127&authkey=ablg20r-aat_ob4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007527; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4d4d07581d39b63d&resid=4d4d07581d39b63d%21131&authkey=akbwlkrrtso_bqm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007528; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4e45a2988ed9335b&resid=4e45a2988ed9335b!108&authkey=anbjpqxg-iwr4g8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007529; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4e45a2988ed9335b&resid=4e45a2988ed9335b%21108&authkey=anbjpqxg-iwr4g8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007530; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4e57dde6c5c6b372&resid=4e57dde6c5c6b372%21337&authkey=ahhqrhiv2ei4xjc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007531; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4e57dde6c5c6b372&resid=4e57dde6c5c6b372%21344&authkey=aatlbjfo3tjnx2y"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007532; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=4f6d62d925bbffc6&resid=4f6d62d925bbffc6%21193&authkey=adkhkj_xe3my3s4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007533; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21105&authkey=ajkwu0e9dzantl8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007534; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21107&authkey=apd9um4_12-kpe0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007535; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21116&authkey=anbj_rrcgyturjc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007536; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21119&authkey=amrs3-3hsvcmtfs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007537; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21158&authkey=aodderdrnvhruts"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007538; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21161&authkey=agdsfxdnre82jjc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007539; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21192&authkey=agn2xvrvup-xvtg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007540; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21206&authkey=ai1r52mhtbdnm2y"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007541; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21247&authkey=ae6weny1fa4pday"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007542; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21252&authkey=aphl0oi4r6lrty0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007543; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21257&authkey=afnyvqwcghnyoas"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007544; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21265&authkey=abxqdhlwiurjvve"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007545; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21271&authkey=ae5qwlr5ceeptmy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007546; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21272&authkey=ahrqeoaynibwt14"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007547; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21275&authkey=af_sgsaxsmaxg7i"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007548; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21289&authkey=angyngbqixtrjaa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007549; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21293&authkey=acvh08asxosbwfu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007550; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21299&authkey=amicxuotubpok2c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007551; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21306&authkey=ahpivoukyerzcjy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007552; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21314&authkey=aex2uv2-eiofr8q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007553; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21332&authkey=ad0jmjxgbaebvbm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007554; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21335&authkey=ah0vupcfbdfa6g4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007555; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21357&authkey=ap8sswuqjjjexho"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007556; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21366&authkey=aoblpmbmx7o_v18"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007557; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21379&authkey=air-bsjj46et47q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007558; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21389&authkey=aduenohuq_rbyhm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007559; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21391&authkey=aa15sw51njbn_na"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007560; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21392&authkey=abp0heeg6ybn0lk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007561; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5012a067b5dec1df&resid=5012a067b5dec1df%21393&authkey=aa1pmur8sy8xtwe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007562; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=501b63131ab62dd6&resid=501b63131ab62dd6%212718&authkey=aie0v1d-cusuabi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007563; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=501b63131ab62dd6&resid=501b63131ab62dd6%212725&authkey=aanrz9et3bym3lc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007564; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=501b63131ab62dd6&resid=501b63131ab62dd6%212728&authkey=ahsmbkltfrwgqjc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007565; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c!395&authkey=alwvub_yhtogjxw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007566; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c!398&authkey=abaa_tjd7ohh4so"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007567; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c!406&authkey=aarnp48wumgu6tq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007568; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c!415&authkey=aglzsd6-g0nzj7s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007569; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c!420&authkey=akk5droung_ecww"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007570; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c!440&authkey=ai7-dpr11wnzyq8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007571; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c%21395&authkey=alwvub_yhtogjxw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007572; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c%21398&authkey=abaa_tjd7ohh4so"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007573; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c%21406&authkey=aarnp48wumgu6tq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007574; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c%21415&authkey=aglzsd6-g0nzj7s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007575; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c%21420&authkey=akk5droung_ecww"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007576; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=505be76830f4dc4c&resid=505be76830f4dc4c%21440&authkey=ai7-dpr11wnzyq8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007577; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=513190d240e51e0e&resid=513190d240e51e0e%211121&authkey=al_fmezwfay4za4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007578; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=513190d240e51e0e&resid=513190d240e51e0e%211122&authkey=anz_q5njlanv2mu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007579; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=52a92cf9e3f770a3&resid=52a92cf9e3f770a3%21193&authkey=am5onpvsx0xwlk8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007580; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=52ca67cbc48c0212&resid=52ca67cbc48c0212%21110&authkey=akars6koxqzdwgi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007581; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=52ca67cbc48c0212&resid=52ca67cbc48c0212%21112&authkey=aadare1gec7nzy8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007582; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=53965c96e65f4f6d&resid=53965c96e65f4f6d!109&authkey=adriswrtwdpbuc8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007583; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=53965c96e65f4f6d&resid=53965c96e65f4f6d!109&authkey=adriswrtwdpbuc8&em=2"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007584; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=53965c96e65f4f6d&resid=53965c96e65f4f6d%21109&authkey=adriswrtwdpbuc8&em=2"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007585; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=53c5e6b8f6893887&resid=53c5e6b8f6893887!802&authkey=aapuufivkn2zwu8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007586; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=547b1e4a6b15bf97&resid=547b1e4a6b15bf97%21106&authkey=akgsmzqhemioz8g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007587; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=54f92c3a2f5d8033&resid=54f92c3a2f5d8033%21200&authkey=aofadhhfwlm2gum"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007588; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=55381ffd75ef8cda&resid=55381ffd75ef8cda!270&authkey=aev4isgyubiofdi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007589; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=554bbd19bdd72613&resid=554bbd19bdd72613!157&authkey=an55tjzt-9vbjfy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007590; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=554bbd19bdd72613&resid=554bbd19bdd72613%21156&authkey=agiuawekkbxb_4o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007591; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=55c9feaf3907aae5&resid=55c9feaf3907aae5%21208&authkey=adwuyrapfdzkyoa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007592; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5607da13ee53f950&resid=5607da13ee53f950!280&authkey=advq4p3xhfhinq8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007593; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5607da13ee53f950&resid=5607da13ee53f950%21280&authkey=advq4p3xhfhinq8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007594; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5629da828892367d&resid=5629da828892367d!803&authkey=aphjbq-bsg7ohpc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007595; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5665eeb5a15ce1fc&resid=5665eeb5a15ce1fc!455&authkey=aiaixnfkc36s0jq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007596; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5665eeb5a15ce1fc&resid=5665eeb5a15ce1fc!458&authkey=abxbhmcje9f2t50"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007597; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5665eeb5a15ce1fc&resid=5665eeb5a15ce1fc!460&authkey=aemipji0vrzvmp8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007598; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5665eeb5a15ce1fc&resid=5665eeb5a15ce1fc%21458&authkey=abxbhmcje9f2t50"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007599; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5665eeb5a15ce1fc&resid=5665eeb5a15ce1fc%21460&authkey=aemipji0vrzvmp8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007600; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5696478acb744989&resid=5696478acb744989%21383&authkey=adldpuaya7kj1dk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007601; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5696478acb744989&resid=5696478acb744989%21384&authkey=alsuxvtsof32vea"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007602; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=57c0958db500fe0b&resid=57c0958db500fe0b!68197&authkey=aowpm7ocl_21-oc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007603; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=57c0958db500fe0b&resid=57c0958db500fe0b%2168197&authkey=aowpm7ocl_21-oc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007604; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=59389d626d829e8c&resid=59389d626d829e8c%212940&authkey=anx1ngd27vqeiwo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007605; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5a813fff259aa40a&resid=5a813fff259aa40a!104&authkey=ahbk1j9hg7srgaw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007606; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5a813fff259aa40a&resid=5a813fff259aa40a%21104&authkey=ahbk1j9hg7srgaw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007607; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5b77f86dc0fa2bdf&resid=5b77f86dc0fa2bdf!823&authkey=aozjovjtbrnja-g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007608; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5b77f86dc0fa2bdf&resid=5b77f86dc0fa2bdf!826&authkey=aopisf0dvqlguke"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007609; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5b77f86dc0fa2bdf&resid=5b77f86dc0fa2bdf%21823&authkey=aozjovjtbrnja-g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007610; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5b77f86dc0fa2bdf&resid=5b77f86dc0fa2bdf%21826&authkey=aopisf0dvqlguke"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007611; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5bf0e9600d9f9da0&resid=5bf0e9600d9f9da0%211568&authkey=aemrnwoi75oflva"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007612; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5bf0e9600d9f9da0&resid=5bf0e9600d9f9da0%211572&authkey=aelz-gxlrxcwtnc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007613; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5bf0e9600d9f9da0&resid=5bf0e9600d9f9da0%211573&authkey=ahksfdvda0doles"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007614; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5c5404bd403dbdc9&resid=5c5404bd403dbdc9!4464&authkey=ajskjf2hshbudeg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007615; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5e2500ac393b8715&resid=5e2500ac393b8715%21106&authkey=alj85_ra4tgd9u8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007616; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5f3a7a50acb94052&resid=5f3a7a50acb94052!406&authkey=aeyeq5j9zfepgai"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007617; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5f3a7a50acb94052&resid=5f3a7a50acb94052!407&authkey=adnh8af-rvoxlcc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007618; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5f3a7a50acb94052&resid=5f3a7a50acb94052%21406&authkey=aeyeq5j9zfepgai"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007619; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5f3a7a50acb94052&resid=5f3a7a50acb94052%21407&authkey=adnh8af-rvoxlcc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007620; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5fb9958ff55c0123&resid=5fb9958ff55c0123%21892&authkey=apwphufzjdtsedw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007621; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=5fb9958ff55c0123&resid=5fb9958ff55c0123%21897&authkey=aomt6el1av5ruc8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007622; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=604aa6c584db9137&resid=604aa6c584db9137%21121&authkey=adjzlorvgx_ezhq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007623; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=604aa6c584db9137&resid=604aa6c584db9137%21123&authkey=ancfnepawtbmnug"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007624; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=604aa6c584db9137&resid=604aa6c584db9137%21124&authkey=ao7bknnuodxtfua"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007625; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=604aa6c584db9137&resid=604aa6c584db9137%21126&authkey=an6sswp8an1kfoe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007626; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=607978009e823f21&resid=607978009e823f21!446&authkey=aofddjtovqbb_3i"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007627; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6196314c52185efc&resid=6196314c52185efc%21106&authkey=ape4rx1hrtmrxxe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007628; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=65d5e5f1b48c0d94&resid=65d5e5f1b48c0d94!852&authkey=adzvvmms349gxmi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007629; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=65f2f37122477ee7&resid=65f2f37122477ee7%211001&authkey=ap3umqxngmtk-6e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007630; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=65fb50385517c325&resid=65fb50385517c325!117&authkey=adi1ifbjs2iajg4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007631; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=65fb50385517c325&resid=65fb50385517c325%21117&authkey=adi1ifbjs2iajg4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007632; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6605275726c6094a&resid=6605275726c6094a%21129&authkey=ak5szbnikeklmzk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007633; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6605275726c6094a&resid=6605275726c6094a%21132&authkey=ad3ia_1wkq0lyd4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007634; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6608a4dea9ff5918&resid=6608a4dea9ff5918%21399&authkey=aoya7flv_s9toxo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007635; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=66cab4bce216bb79&resid=66cab4bce216bb79%21271&authkey=ajd0ymdmkncnafc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007636; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=673699a03eb2fc27&resid=673699a03eb2fc27!107&authkey=apini2vensmns-c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007637; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=673699a03eb2fc27&resid=673699a03eb2fc27%21107&authkey=apini2vensmns-c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007638; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=67f7a3925acbb2ad&resid=67f7a3925acbb2ad!1421&authkey=adixg2-asekemjw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007639; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=67f7a3925acbb2ad&resid=67f7a3925acbb2ad%211421&authkey=adixg2-asekemjw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007640; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6819bca13312697b&resid=6819bca13312697b%213096&authkey=aob-cm9vv6erxqg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007641; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6819bca13312697b&resid=6819bca13312697b%213097&authkey=abcuevfyu6pdw70"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007642; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=69b503a3f081a183&resid=69b503a3f081a183%21111&authkey=aazm9wlg1rvgzoc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007643; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6a1602e410531072&resid=6a1602e410531072!112&authkey=aasndgbcwol3mys"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007644; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6a1602e410531072&resid=6a1602e410531072!113&authkey=ak3tzu1lg4uuh5m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007645; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6a1602e410531072&resid=6a1602e410531072%21112&authkey=aasndgbcwol3mys"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007646; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6a1602e410531072&resid=6a1602e410531072%21113&authkey=ak3tzu1lg4uuh5m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007647; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6a4147b45f4b0876&resid=6a4147b45f4b0876%21108&authkey=ameouv2jdxo5obw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007648; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6a4147b45f4b0876&resid=6a4147b45f4b0876%21119&authkey=aazzzrl7mv2xbwq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007649; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6b3ee3b3b5fb10d3&resid=6b3ee3b3b5fb10d3!118&authkey=aepf8f3mfmlsng0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007650; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6b3ee3b3b5fb10d3&resid=6b3ee3b3b5fb10d3%21118&authkey=aepf8f3mfmlsng0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007651; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6b71cecfb2f8c8a7&resid=6b71cecfb2f8c8a7!1154&authkey=acnbdscb8-rbmcu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007652; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6b71cecfb2f8c8a7&resid=6b71cecfb2f8c8a7%211154&authkey=acnbdscb8-rbmcu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007653; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6bc744122027ace8&resid=6bc744122027ace8!138&authkey=alkklopjcdub3wc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007654; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6bc744122027ace8&resid=6bc744122027ace8%21138&authkey=alkklopjcdub3wc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007655; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6d6f745ec8c6f9d8&resid=6d6f745ec8c6f9d8!126&authkey=ahbr-ddrhhmltfu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007656; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6d6f745ec8c6f9d8&resid=6d6f745ec8c6f9d8%21126&authkey=ahbr-ddrhhmltfu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007657; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6dec9570f83c12ae&resid=6dec9570f83c12ae%21693&authkey=agb4-8hlgwztycy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007658; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6e551f13c97e830a&resid=6e551f13c97e830a%21474&authkey=aifmcykqojaq60u"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007659; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=6e551f13c97e830a&resid=6e551f13c97e830a%21476&authkey=aeu7zvulf0me-sq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007660; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=70c4976fc04ddb54&resid=70c4976fc04ddb54%21106&authkey=apvhok6edhtogfu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007661; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=70c4976fc04ddb54&resid=70c4976fc04ddb54%21115&authkey=amc_k1nnlywdc4i"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007662; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7232c6acac15f31c&resid=7232c6acac15f31c!1153&authkey=abgcsm-fnkyqqxw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007663; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=724b5c509337556e&resid=724b5c509337556e%21908&authkey=agcbb3nakpteyam"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007664; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7285f51e65036769&resid=7285f51e65036769%21264&authkey=akyjvrz006qlble"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007665; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7366fefc2190d2e3&resid=7366fefc2190d2e3%21243&authkey=apivjmxivosek60"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007666; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7366fefc2190d2e3&resid=7366fefc2190d2e3%21256&authkey=adljht0ogfq775k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007667; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7366fefc2190d2e3&resid=7366fefc2190d2e3%21260&authkey=aig6cydr4_e-qj8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007668; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7366fefc2190d2e3&resid=7366fefc2190d2e3%21262&authkey=ak4fiz1-a1ks8rg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007669; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7366fefc2190d2e3&resid=7366fefc2190d2e3%21264&authkey=aizkjymvlgqwpte"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007670; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=77248c3a57dd6319&resid=77248c3a57dd6319%2118375&authkey=akizaxpkcubpqp4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007671; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=77518d098ad4dfb0&resid=77518d098ad4dfb0%21939&authkey=akzqobxxxn89z34"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007672; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=78bfb08e0f7bc86f&resid=78bfb08e0f7bc86f%21111&authkey=aggnhgqj6uhxm2w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007673; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=78bfb08e0f7bc86f&resid=78bfb08e0f7bc86f%21112&authkey=abser1xtkpb3-ta"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007674; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=78bfb08e0f7bc86f&resid=78bfb08e0f7bc86f%21117&authkey=aivf1ddcvvu22em"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007675; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7a5e689dd1dc641f&resid=7a5e689dd1dc641f!119&authkey=aozjai26izprqto"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007676; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7a5e689dd1dc641f&resid=7a5e689dd1dc641f!120&authkey=ajj7ueqjvobgfum"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007677; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7a5e689dd1dc641f&resid=7a5e689dd1dc641f%21119&authkey=aozjai26izprqto"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007678; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7a5e689dd1dc641f&resid=7a5e689dd1dc641f%21120&authkey=ajj7ueqjvobgfum"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007679; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7c1fc7da38ab958e&resid=7c1fc7da38ab958e!146&authkey=aktmjqz8n4s_sbm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007680; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7c41ddcfa01aeff7&resid=7c41ddcfa01aeff7!5295&authkey=aasceqj1mdodeuo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007681; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7c41ddcfa01aeff7&resid=7c41ddcfa01aeff7!5296&authkey=ank3vz5syaf6bny"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007682; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7c41ddcfa01aeff7&resid=7c41ddcfa01aeff7!5298&authkey=albzyizuqczfv9s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007683; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7c41ddcfa01aeff7&resid=7c41ddcfa01aeff7%215295&authkey=aasceqj1mdodeuo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007684; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7c41ddcfa01aeff7&resid=7c41ddcfa01aeff7%215296&authkey=ank3vz5syaf6bny"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007685; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7c41ddcfa01aeff7&resid=7c41ddcfa01aeff7%215298&authkey=albzyizuqczfv9s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007686; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7d109f249b512466&resid=7d109f249b512466!543&authkey=acqc4xjghclmwbs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007687; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7e77335a6884998c&resid=7e77335a6884998c%211496&authkey=aepwselcm6661hw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007688; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7e778f544ede5f73&resid=7e778f544ede5f73%211270&authkey=afzzvoio9f5qgbe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007689; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7e81645429ac5a22&resid=7e81645429ac5a22%21105&authkey=aa691jwf5wqi80c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007690; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7f5b26d7f02a87af&resid=7f5b26d7f02a87af%211204&authkey=am2v4dncjqjucas"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007691; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7f5b26d7f02a87af&resid=7f5b26d7f02a87af%211220&authkey=amh_oy4-xxsv5u8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007692; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=7fed4fbea32e3c1e&resid=7fed4fbea32e3c1e%21107&authkey=aeoxfycpolifch0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007693; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=806bac90dc071edf&resid=806bac90dc071edf!105&authkey=!ao7jyz6-licb8hq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007694; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=81c2d8b116274e17&resid=81c2d8b116274e17%21107&authkey=aaqw-t4dx2sbvda"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007695; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=82977114b1af209d&resid=82977114b1af209d!220&authkey=abuin5vdedjughm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007696; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!107&authkey=aemooeha_arvrai"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007697; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!110&authkey=abf0jp72f5eay1c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007698; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!111&authkey=agfp7lh-zk6wofo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007699; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!113&authkey=amsps5v4vwaa0-q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007700; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!115&authkey=ae3moezdoxlnjdu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007701; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!116&authkey=ak237hxhwy7wwms"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007702; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!118&authkey=ah-et4vaqks1nbi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007703; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!124&authkey=aj9aipxukafqlzq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007704; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!125&authkey=aj9xnblk0c1xriq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007705; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!129&authkey=abum1tu68ouwlyw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007706; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!133&authkey=akshvhddpmv6m9e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007707; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!137&authkey=alhuch4zaadxdv8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007708; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!139&authkey=afdskbjykabxrdy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007709; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!140&authkey=aft48d4tg3mzulm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007710; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9!142&authkey=ao3bvbikbuuokp8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007711; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21107&authkey=aemooeha_arvrai"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007712; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21110&authkey=abf0jp72f5eay1c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007713; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21111&authkey=agfp7lh-zk6wofo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007714; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21113&authkey=amsps5v4vwaa0-q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007715; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21115&authkey=ae3moezdoxlnjdu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007716; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21116&authkey=ak237hxhwy7wwms"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007717; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21118&authkey=ah-et4vaqks1nbi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007718; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21124&authkey=aj9aipxukafqlzq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007719; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21125&authkey=aj9xnblk0c1xriq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007720; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21129&authkey=abum1tu68ouwlyw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007721; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21133&authkey=akshvhddpmv6m9e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007722; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21137&authkey=alhuch4zaadxdv8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007723; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21139&authkey=afdskbjykabxrdy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007724; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21140&authkey=aft48d4tg3mzulm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007725; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=846bc3314fd27aa9&resid=846bc3314fd27aa9%21142&authkey=ao3bvbikbuuokp8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007726; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=850ddf1b98071979&resid=850ddf1b98071979%21272&authkey=ach9j2qyxffq_-e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007727; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=85d4ddee26f2fdba&resid=85d4ddee26f2fdba%21267&authkey=aj1r1esicic5vxa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007728; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=860a0980486c93fa&resid=860a0980486c93fa!303&authkey=!agcmlab4r6syfvk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007729; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=87dc3e587977c459&resid=87dc3e587977c459%21164&authkey=agbeiinncf8ok_4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007730; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=87dc3e587977c459&resid=87dc3e587977c459%21165&authkey=aiof8rdvxglnm-c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007731; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=883587d3e32ee1c4&resid=883587d3e32ee1c4!2402&authkey=amigiam45mt6jia"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007732; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=883587d3e32ee1c4&resid=883587d3e32ee1c4%212402&authkey=amigiam45mt6jia"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007733; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=890837b4e4ca07c6&resid=890837b4e4ca07c6%21289&authkey=abujc0akmtbsxf4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007734; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=8a1574ed0cecd68a&resid=8a1574ed0cecd68a%21395&authkey=ane01evt0sz-1wk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007735; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=8aae363d911e6c75&resid=8aae363d911e6c75%21107&authkey=anguugtrvw2yulk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007736; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=8c77cee60e33a6b1&resid=8c77cee60e33a6b1%21106&authkey=af8h8jn801bjnbk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007737; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=8ffd8cbd6540c065&resid=8ffd8cbd6540c065!822&authkey=acfj7bbrmktj1i0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007738; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=911a03165832a3d6&resid=911a03165832a3d6%21276&authkey=afig5wsljtdc33s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007739; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=911a03165832a3d6&resid=911a03165832a3d6%21278&authkey=abdo23i3bvy0_my"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007740; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=914146ba02b70d25&resid=914146ba02b70d25!130&authkey=ais_g9dqoddonsc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007741; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=914146ba02b70d25&resid=914146ba02b70d25%21106&authkey=ahfgxp0p6nk0eby"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007742; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=914146ba02b70d25&resid=914146ba02b70d25%21109&authkey=akr1n3qxtmnttuo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007743; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=914146ba02b70d25&resid=914146ba02b70d25%21113&authkey=ajpvf1h89sqstti"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007744; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9193d584a8c4e80c&resid=9193d584a8c4e80c%21106&authkey=ag9odgpcjttmbnu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007745; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=934ea1b22867831c&resid=934ea1b22867831c%211247&authkey=agahe1sb0a4gbes"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007746; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9380514f67248562&resid=9380514f67248562%21482&authkey=abogxllcxeax5i4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007747; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=944cfbbd7823d265&resid=944cfbbd7823d265%21105&authkey=ah9x7rn0p03kd_m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007748; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=944cfbbd7823d265&resid=944cfbbd7823d265%21110&authkey=ammswulpdsjeu4w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007749; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=94fefff7000581d3&resid=94fefff7000581d3!107&authkey=ac-m9dlvo5l7wfk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007750; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=94fefff7000581d3&resid=94fefff7000581d3%21107&authkey=ac-m9dlvo5l7wfk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007751; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=95a27df021259ebc&resid=95a27df021259ebc%21134&authkey=aawceqjbqr9nqxm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007752; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=96a54b19ff5f6bab&resid=96a54b19ff5f6bab%21107&authkey=anxv07ez7s5sh_k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007753; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=979c241f825ba366&resid=979c241f825ba366!105&authkey=aknjfgwoz3ve-j4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007754; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=979c241f825ba366&resid=979c241f825ba366%21105&authkey=aknjfgwoz3ve-j4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007755; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=98103c88c2d68867&resid=98103c88c2d68867!773&authkey=akptbml43mi4ufc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007756; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=982b2c4bb2a23649&resid=982b2c4bb2a23649%211925&authkey=amhhfhcsigeue9w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007757; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=982b2c4bb2a23649&resid=982b2c4bb2a23649%211927&authkey=an_3paqpemptbvm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007758; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=982b2c4bb2a23649&resid=982b2c4bb2a23649%211953&authkey=abdfqiyruwplpo0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007759; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=982b2c4bb2a23649&resid=982b2c4bb2a23649%211954&authkey=aok-srkhxjazccy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007760; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9a8688776fe2dbf4&resid=9a8688776fe2dbf4%21172&authkey=ahharhcv0fmn5fm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007761; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9a8688776fe2dbf4&resid=9a8688776fe2dbf4%21173&authkey=aecb3qcquacvzhi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007762; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9a8688776fe2dbf4&resid=9a8688776fe2dbf4%21174&authkey=afv7cprqwxezgsi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007763; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9a8688776fe2dbf4&resid=9a8688776fe2dbf4%21177&authkey=als6_be40lt5jk8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007764; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1768&authkey=agre3uqvf7vavza"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007765; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1769&authkey=ahyvzvhyxsh4suq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007766; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1770&authkey=aouesak820uj8dq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007767; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1771&authkey=adnltbsfyxfykhe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007768; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1772&authkey=aikzynmktjtek5o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007769; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1774&authkey=agvwrfev91cieck"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007770; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1781&authkey=aozw5dgmksnba0w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007771; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2!1783&authkey=ahlnweeqhst2vho"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007772; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211768&authkey=agre3uqvf7vavza"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007773; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211769&authkey=ahyvzvhyxsh4suq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007774; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211770&authkey=aouesak820uj8dq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007775; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211771&authkey=adnltbsfyxfykhe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007776; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211772&authkey=aikzynmktjtek5o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007777; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211774&authkey=agvwrfev91cieck"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007778; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211781&authkey=aozw5dgmksnba0w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007779; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9d54521b2a64b6b2&resid=9d54521b2a64b6b2%211783&authkey=ahlnweeqhst2vho"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007780; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9e4e4faca91ad3d2&resid=9e4e4faca91ad3d2!113&authkey=akeqdnxllfzf8hq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007781; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9e4e4faca91ad3d2&resid=9e4e4faca91ad3d2%21113&authkey=akeqdnxllfzf8hq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007782; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9e8909d0daad7668&resid=9e8909d0daad7668%21114&authkey=adtrufah5nqf4ws"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007783; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=9fba865c1fdce17f&resid=9fba865c1fdce17f%211109&authkey=achpeiyvsphyn9o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007784; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a023fe2d1ac611f2&resid=a023fe2d1ac611f2!514&authkey=alaxh02uycquui4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007785; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a04a98741fafee2b&resid=a04a98741fafee2b%211857&authkey=af3qhnjtfnffevi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007786; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a1c8c8055848b889&resid=a1c8c8055848b889!111&authkey=agzlftsgr4lspvo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007787; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a1e292fc31781e42&resid=a1e292fc31781e42!264&authkey=ahwhlnt55uqzxei"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007788; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a1e292fc31781e42&resid=a1e292fc31781e42%21264&authkey=ahwhlnt55uqzxei"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007789; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a263f254a0224137&resid=a263f254a0224137%211109&authkey=anmk57mbalfvk6k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007790; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a2cd2cdb93584d7e&resid=a2cd2cdb93584d7e%21106&authkey=aeifpqbwo1s3dyq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007791; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a4000de54b92dcc6&resid=a4000de54b92dcc6%211064&authkey=apebndb6tstxywi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007792; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a4000de54b92dcc6&resid=a4000de54b92dcc6%211065&authkey=aca4_dggi5gbbfs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007793; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a4000de54b92dcc6&resid=a4000de54b92dcc6%211067&authkey=ae-3ej9zzj4ibhw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007794; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a4000de54b92dcc6&resid=a4000de54b92dcc6%211069&authkey=agx6b8qjt_clm-o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007795; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a502994ea313f5c7&resid=a502994ea313f5c7%21215&authkey=aiydvejv0l8stbs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007796; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a6dd95780c6c7e21&resid=a6dd95780c6c7e21!6053&authkey=agfh0ahstj7rrki"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007797; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a6dd95780c6c7e21&resid=a6dd95780c6c7e21%216053&authkey=agfh0ahstj7rrki"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007798; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a706b8d2f68ea211&resid=a706b8d2f68ea211!1826&authkey=ao5jvyaie8ob5pu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007799; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a706b8d2f68ea211&resid=a706b8d2f68ea211!1828&authkey=akh3yblp_ckyc1c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007800; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a706b8d2f68ea211&resid=a706b8d2f68ea211!1829&authkey=afj_kozojzxlbii"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007801; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a706b8d2f68ea211&resid=a706b8d2f68ea211%211825&authkey=apflgkacndmmc3y"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007802; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a706b8d2f68ea211&resid=a706b8d2f68ea211%211826&authkey=ao5jvyaie8ob5pu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007803; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a706b8d2f68ea211&resid=a706b8d2f68ea211%211828&authkey=akh3yblp_ckyc1c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007804; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a706b8d2f68ea211&resid=a706b8d2f68ea211%211829&authkey=afj_kozojzxlbii"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007805; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a75074ec168603e4&resid=a75074ec168603e4%21108&authkey=apnjueurszwr7fi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007806; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e!114&authkey=abulyo9rsntacrk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007807; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e!115&authkey=akvatmtad7eda9e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007808; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e!119&authkey=ad1cpshzxai7hvu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007809; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e!120&authkey=aoryzju7gy0o23u"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007810; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e%21114&authkey=abulyo9rsntacrk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007811; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e%21115&authkey=akvatmtad7eda9e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007812; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e%21116&authkey=ag2lqdr2k4z5ww8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007813; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e%21119&authkey=ad1cpshzxai7hvu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007814; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=a7d4e0045d19760e&resid=a7d4e0045d19760e%21120&authkey=aoryzju7gy0o23u"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007815; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=aa4e252db942faec&resid=aa4e252db942faec%21168&authkey=anlnjo7xnwtswuk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007816; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=adbf9d98d1fc0f9a&resid=adbf9d98d1fc0f9a!446&authkey=aoqmofn7t8a7icu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007817; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=adbf9d98d1fc0f9a&resid=adbf9d98d1fc0f9a!452&authkey=abhcopzg2tfsdle"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007818; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=adbf9d98d1fc0f9a&resid=adbf9d98d1fc0f9a%21446&authkey=aoqmofn7t8a7icu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007819; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=adbf9d98d1fc0f9a&resid=adbf9d98d1fc0f9a%21452&authkey=abhcopzg2tfsdle"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007820; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ae28961c75435487&resid=ae28961c75435487%21106&authkey=alph5awcis8r9iw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007821; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ae80108520d75992&resid=ae80108520d75992!113&authkey=agh9q_zzyjjcspc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007822; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ae80108520d75992&resid=ae80108520d75992%21113&authkey=agh9q_zzyjjcspc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007823; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=af84ebf13dd5499c&resid=af84ebf13dd5499c!167&authkey=anqr_yvn_hdh2_e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007824; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b03ee17d51411308&resid=b03ee17d51411308!2152&authkey=abutaac83l5utks"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007825; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b03ee17d51411308&resid=b03ee17d51411308%212152&authkey=abutaac83l5utks"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007826; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b1239884e2deb3b9&resid=b1239884e2deb3b9%21650&authkey=aht-wbxsofyx33u"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007827; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b1239884e2deb3b9&resid=b1239884e2deb3b9%21652&authkey=afsw5wahxo5kwjy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007828; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b1c3a5ef115e135c&resid=b1c3a5ef115e135c%216219&authkey=ahr7bklirbub0pc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007829; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b207807f9f8b9e22&resid=b207807f9f8b9e22!153&authkey=amikgqxyyt90lty"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007830; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b207807f9f8b9e22&resid=b207807f9f8b9e22!154&authkey=aimwvfrlvejjmyi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007831; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b207807f9f8b9e22&resid=b207807f9f8b9e22!156&authkey=abkt6s1qprnm5ze"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007832; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b207807f9f8b9e22&resid=b207807f9f8b9e22%21154&authkey=aimwvfrlvejjmyi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007833; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b207807f9f8b9e22&resid=b207807f9f8b9e22%21156&authkey=abkt6s1qprnm5ze"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007834; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b3805920e5eb0711&resid=b3805920e5eb0711%21120&authkey=aozmspl2dqkgkgy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007835; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b3805920e5eb0711&resid=b3805920e5eb0711%21123&authkey=aj18p0rtfbtwa84"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007836; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b3a118354e81d1bb&resid=b3a118354e81d1bb%21139&authkey=ahwfjvw4zmjukeo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007837; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b3a118354e81d1bb&resid=b3a118354e81d1bb%21140&authkey=aksvfpmrfqrrggw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007838; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b3a118354e81d1bb&resid=b3a118354e81d1bb%21141&authkey=acznh6clby0qyww"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007839; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b3a118354e81d1bb&resid=b3a118354e81d1bb%21142&authkey=ajf7j1rr3d7jcxy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007840; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b3a118354e81d1bb&resid=b3a118354e81d1bb%21143&authkey=ahs21wnsqb_vu9w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007841; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b50c4248502103d0&resid=b50c4248502103d0%21107&authkey=alf1nley7ja4dbq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007842; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b5ea8d4249d866e6&resid=b5ea8d4249d866e6!164&authkey=adfsfcdaw3biboy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007843; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b5ea8d4249d866e6&resid=b5ea8d4249d866e6%21164&authkey=adfsfcdaw3biboy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007844; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b68f720bdb7557e9&resid=b68f720bdb7557e9%21124&authkey=aajm5susw8vx6ga"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007845; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b76bfa57d51bd6be&resid=b76bfa57d51bd6be%21113&authkey=amuivgdvq0nbkco"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007846; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b7cb31db66675eb4&resid=b7cb31db66675eb4%21922&authkey=aghayyucvwey7lg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007847; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b86046e8cbd4254b&resid=b86046e8cbd4254b%21115&authkey=agwstptwpaquleg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007848; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b8ba73db68da7c0b&resid=b8ba73db68da7c0b!7521&authkey=ablt9zdyq2d4rb0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007849; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b8ba73db68da7c0b&resid=b8ba73db68da7c0b%217521&authkey=ablt9zdyq2d4rb0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007850; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b90c1aa3b6cd0326&resid=b90c1aa3b6cd0326%21471&authkey=aoil8ra4oc4s_2m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007851; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=b9690a1860a591d0&resid=b9690a1860a591d0%21161&authkey=aehawjpwf6tqtm8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007852; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=bac03012ec7bd279&resid=bac03012ec7bd279%21134&authkey=aleqfpsaed1cg5a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007853; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=bac03012ec7bd279&resid=bac03012ec7bd279%21135&authkey=ajowleaql9x5hly"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007854; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=bac03012ec7bd279&resid=bac03012ec7bd279%21136&authkey=aea0cqph-5qisew"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007855; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=beaf30da1f621c9b&resid=beaf30da1f621c9b!246&authkey=afyrchdutalpu90"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007856; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=beaf30da1f621c9b&resid=beaf30da1f621c9b%21246&authkey=afyrchdutalpu90"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007857; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=bf83d9247c2329e0&resid=bf83d9247c2329e0%211108&authkey=absaw-bpqrc6mpq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007858; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e!298&authkey=aakbigqxai9mif8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007859; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e!299&authkey=alv5ajrexhk5qgq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007860; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e!300&authkey=ankuozadzrohvpa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007861; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e!301&authkey=aey0_15splh2zxu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007862; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e%21298&authkey=aakbigqxai9mif8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007863; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e%21299&authkey=alv5ajrexhk5qgq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007864; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e%21300&authkey=ankuozadzrohvpa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007865; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c07f600a6c17c59e&resid=c07f600a6c17c59e%21301&authkey=aey0_15splh2zxu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007866; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c121261804708478&resid=c121261804708478%214199&authkey=adgqe8qiyu92bqm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007867; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c121261804708478&resid=c121261804708478%214200&authkey=adqtju8i3nmlgai"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007868; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c121261804708478&resid=c121261804708478%214201&authkey=ahqber27s7gg8kk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007869; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c359b1a8babc6019&resid=c359b1a8babc6019!1251&authkey=act34eizpzjugfa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007870; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c359b1a8babc6019&resid=c359b1a8babc6019%211251&authkey=act34eizpzjugfa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007871; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1337&authkey=afnvu1fsuczht5e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007872; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1338&authkey=ajngambosws75_c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007873; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1340&authkey=al1ay3fbtude6d8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007874; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1343&authkey=abodysrxu9l2xxu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007875; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1344&authkey=aozerppd6mnokwy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007876; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1345&authkey=aevvyhonxhtcdh0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007877; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1346&authkey=achrnf5vlov1gf4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007878; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e!1347&authkey=al-zge-ttvr921s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007879; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211337&authkey=afnvu1fsuczht5e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007880; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211338&authkey=ajngambosws75_c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007881; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211340&authkey=al1ay3fbtude6d8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007882; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211342&authkey=acpr_htn2jtaxfu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007883; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211343&authkey=abodysrxu9l2xxu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007884; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211344&authkey=aozerppd6mnokwy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007885; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211345&authkey=aevvyhonxhtcdh0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007886; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211346&authkey=achrnf5vlov1gf4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007887; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c3d8ad85ba2add4e&resid=c3d8ad85ba2add4e%211347&authkey=al-zge-ttvr921s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007888; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c701663053a57d59&resid=c701663053a57d59%211009&authkey=ahowgkak7j0p2q8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007889; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0!326&authkey=aej2ke2utb7xv_o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007890; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0!328&authkey=amtyosjh1c2iokw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007891; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0!330&authkey=ampqtue9wy1apqi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007892; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0!332&authkey=agicxhcmkhwlieq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007893; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0!333&authkey=abktlfl5s-hxukw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007894; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0%21326&authkey=aej2ke2utb7xv_o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007895; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0%21328&authkey=amtyosjh1c2iokw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007896; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0%21330&authkey=ampqtue9wy1apqi"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007897; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0%21332&authkey=agicxhcmkhwlieq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007898; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c70ed6cf273a7ac0&resid=c70ed6cf273a7ac0%21333&authkey=abktlfl5s-hxukw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007899; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c719b388e99d5356&resid=c719b388e99d5356%21148&authkey=aksdwp8mbv2h0gg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007900; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c71b410673c49a80&resid=c71b410673c49a80%21486&authkey=amy4euf_rrlcykc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007901; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c71b410673c49a80&resid=c71b410673c49a80%21487&authkey=acpdem3hng1b7sy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007902; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c71b410673c49a80&resid=c71b410673c49a80%21489&authkey=ako3anwfnqfohnc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007903; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=c80630c4d385fb9d&resid=c80630c4d385fb9d%21286&authkey=amgaucv8bld_5qs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007904; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cb64e6e1a6ce15a2&resid=cb64e6e1a6ce15a2!109&authkey=ac4gxwjoopafr9a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007905; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cb64e6e1a6ce15a2&resid=cb64e6e1a6ce15a2%21109&authkey=ac4gxwjoopafr9a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007906; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cbb66cac420484bc&resid=cbb66cac420484bc!10968&authkey=aj9bjkobu-rlnaw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007907; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cc4ef05c46583174&resid=cc4ef05c46583174%218398&authkey=abkwfajwcwtg0xm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007908; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cc4ef05c46583174&resid=cc4ef05c46583174%219485&authkey=amqopb-mtbphioa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007909; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ce34e56174adf49f&resid=ce34e56174adf49f%21119&authkey=afa-eyd-ubl3kum"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007910; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ce8b733b5e29c6fa&resid=ce8b733b5e29c6fa%212056&authkey=aldbghtwoxcmbsa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007911; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cf0c6d1a4c15233d&resid=cf0c6d1a4c15233d!742&authkey=akbxju17f8g0r2s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007912; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cf0c6d1a4c15233d&resid=cf0c6d1a4c15233d!744&authkey=adak4zftd0yhhhs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007913; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cf0c6d1a4c15233d&resid=cf0c6d1a4c15233d%21742&authkey=akbxju17f8g0r2s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007914; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=cf0c6d1a4c15233d&resid=cf0c6d1a4c15233d%21744&authkey=adak4zftd0yhhhs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007915; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d06d60404544fb85&resid=d06d60404544fb85!872&authkey=ap9hchztywo8zuo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007916; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d06d60404544fb85&resid=d06d60404544fb85!874&authkey=alkzcbxz-dscgum"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007917; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d06d60404544fb85&resid=d06d60404544fb85!875&authkey=aka55ybdhqnoc6c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007918; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d06d60404544fb85&resid=d06d60404544fb85%21872&authkey=ap9hchztywo8zuo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007919; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d06d60404544fb85&resid=d06d60404544fb85%21874&authkey=alkzcbxz-dscgum"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007920; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d06d60404544fb85&resid=d06d60404544fb85%21875&authkey=aka55ybdhqnoc6c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007921; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d2a609584332b259&resid=d2a609584332b259%211958&authkey=agr4wwgmoavw9jy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007922; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d2f3748954f6f8a8&resid=d2f3748954f6f8a8%21119&authkey=aex5s9uoun2zps0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007923; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d718e3c8e3bc53c0&resid=d718e3c8e3bc53c0!191&authkey=ajl2uegqunsgc3q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007924; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d718e3c8e3bc53c0&resid=d718e3c8e3bc53c0!192&authkey=acd_hx4bka3z0nw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007925; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d718e3c8e3bc53c0&resid=d718e3c8e3bc53c0%21191&authkey=ajl2uegqunsgc3q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007926; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d718e3c8e3bc53c0&resid=d718e3c8e3bc53c0%21192&authkey=acd_hx4bka3z0nw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007927; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d718e3c8e3bc53c0&resid=d718e3c8e3bc53c0%21193&authkey=ah68m6pamjvyscy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007928; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!107&authkey=ah0ve3h6it6ys-q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007929; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!110&authkey=aitqmegnfoxdbdo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007930; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!111&authkey=an64oowjnpnrh78"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007931; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!114&authkey=ah5ctstxhcs3h1m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007932; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!117&authkey=al0t3hct_nairik"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007933; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!118&authkey=aeghegpzbxrbsp0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007934; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!125&authkey=aab4mu8zmwaouu8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007935; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!126&authkey=aklruofjxppdkaq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007936; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!127&authkey=aibymfwkfjgokbw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007937; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!129&authkey=acdjptdx6ezhb98"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007938; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!133&authkey=ajudw62fjzlspus"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007939; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!137&authkey=abhwckqvga_8sry"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007940; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!139&authkey=ap5qh_v_ixjxnoc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007941; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!141&authkey=amw1ifm3vuyqkia"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007942; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9!144&authkey=aduyzwtwvtp2nee"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007943; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21107&authkey=ah0ve3h6it6ys-q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007944; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21110&authkey=aitqmegnfoxdbdo"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007945; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21111&authkey=an64oowjnpnrh78"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007946; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21114&authkey=ah5ctstxhcs3h1m"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007947; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21117&authkey=al0t3hct_nairik"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007948; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21118&authkey=aeghegpzbxrbsp0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007949; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21125&authkey=aab4mu8zmwaouu8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007950; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21127&authkey=aibymfwkfjgokbw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007951; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21129&authkey=acdjptdx6ezhb98"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007952; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21133&authkey=ajudw62fjzlspus"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007953; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21137&authkey=abhwckqvga_8sry"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007954; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21139&authkey=ap5qh_v_ixjxnoc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007955; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21141&authkey=amw1ifm3vuyqkia"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007956; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d87ccd096aa95be9&resid=d87ccd096aa95be9%21144&authkey=aduyzwtwvtp2nee"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007957; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!106&authkey=alnddd83kdgnorm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007958; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!110&authkey=adhinqsl7jmbh04"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007959; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!112&authkey=acowpvbeowo_wwe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007960; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!115&authkey=ags_1oastnqtl88"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007961; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!116&authkey=amvk7f479eh-qyy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007962; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!118&authkey=aaen9ffwr5a92b4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007963; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!121&authkey=ampzio1n6uihyvy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007964; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!133&authkey=aekx6jpq4mrghti"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007965; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!135&authkey=aealtyydzapbi_w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007966; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!138&authkey=amoflpcelpdzjjk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007967; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!139&authkey=ans5joveruz37xg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007968; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!140&authkey=aos17bsaj2fjhw0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007969; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185!144&authkey=ap8cycklob2kllm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007970; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21106&authkey=alnddd83kdgnorm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007971; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21112&authkey=acowpvbeowo_wwe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007972; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21115&authkey=ags_1oastnqtl88"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007973; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21116&authkey=amvk7f479eh-qyy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007974; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21118&authkey=aaen9ffwr5a92b4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007975; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21121&authkey=ampzio1n6uihyvy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007976; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21133&authkey=aekx6jpq4mrghti"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007977; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21135&authkey=aealtyydzapbi_w"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007978; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21138&authkey=amoflpcelpdzjjk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007979; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21139&authkey=ans5joveruz37xg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007980; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21140&authkey=aos17bsaj2fjhw0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007981; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=d9a839e3e4fc1185&resid=d9a839e3e4fc1185%21144&authkey=ap8cycklob2kllm"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007982; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=db0fc77df51690e1&resid=db0fc77df51690e1%21802&authkey=apefr8w_rdk--pe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007983; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=db5548cd728f142b&resid=db5548cd728f142b%21187&authkey=aansxudby0o7uwq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007984; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=db62f747c6d887d0&resid=db62f747c6d887d0%21111&authkey=ai2guftczvfehs4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007985; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dc0dd1a98b2524c4&resid=dc0dd1a98b2524c4!108&authkey=anpyfazx3v7xk_a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007986; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dc0dd1a98b2524c4&resid=dc0dd1a98b2524c4%21108&authkey=anpyfazx3v7xk_a"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007987; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dc0dd1a98b2524c4&resid=dc0dd1a98b2524c4%21111&authkey=aorkgf_h2kuss4g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007988; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dcd65237fcd1a1a9&resid=dcd65237fcd1a1a9%21162&authkey=aprqs0hugnfo6uq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007989; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dd0a0ec58f4ac5f5&resid=dd0a0ec58f4ac5f5!7527&authkey=aipybipwht56um8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007990; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dd0a0ec58f4ac5f5&resid=dd0a0ec58f4ac5f5!7530&authkey=am9p2ic6zdkgfmy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007991; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dd0a0ec58f4ac5f5&resid=dd0a0ec58f4ac5f5%217527&authkey=aipybipwht56um8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007992; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dd0a0ec58f4ac5f5&resid=dd0a0ec58f4ac5f5%217530&authkey=am9p2ic6zdkgfmy"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007993; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=dd0a0ec58f4ac5f5&resid=dd0a0ec58f4ac5f5%217532&authkey=aonjnubquvon_uk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007994; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df5f946aa1850b39&resid=df5f946aa1850b39!116&authkey=ae6y01vly8zh9rg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007995; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df5f946aa1850b39&resid=df5f946aa1850b39!118&authkey=an4qam-hob77unu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007996; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df5f946aa1850b39&resid=df5f946aa1850b39%21114&authkey=alvcgqiz6-u5ebg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007997; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df5f946aa1850b39&resid=df5f946aa1850b39%21116&authkey=ae6y01vly8zh9rg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007998; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df5f946aa1850b39&resid=df5f946aa1850b39%21118&authkey=an4qam-hob77unu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100007999; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df679db45a35617c&resid=df679db45a35617c!2852&authkey=aoqhnxwkqyfsyvs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008000; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df679db45a35617c&resid=df679db45a35617c!2853&authkey=aahjdvnvn--b37k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df679db45a35617c&resid=df679db45a35617c%212852&authkey=aoqhnxwkqyfsyvs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=df679db45a35617c&resid=df679db45a35617c%212853&authkey=aahjdvnvn--b37k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e08e2d452e10fc69&resid=e08e2d452e10fc69%21107&authkey=akrabrcroiddkxw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e08e2d452e10fc69&resid=e08e2d452e10fc69%21115&authkey=ad1ncwtj_zcjsh0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e08e2d452e10fc69&resid=e08e2d452e10fc69%21132&authkey=akpbxohbtjebyn4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e08e2d452e10fc69&resid=e08e2d452e10fc69%21150&authkey=aevazjbqnu7cmjs"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e08e2d452e10fc69&resid=e08e2d452e10fc69%21160&authkey=aiendf-9lyln0x0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e1065ab3e86a5fc2&resid=e1065ab3e86a5fc2%211443&authkey=apybkcvf4iwxp_q"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e125527b7f75ad75&resid=e125527b7f75ad75!15045&authkey=anujawu3yoc20mk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e125527b7f75ad75&resid=e125527b7f75ad75%2115045&authkey=anujawu3yoc20mk"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e2ea0eaee1f43ce2&resid=e2ea0eaee1f43ce2!129&authkey=afk5vdt49soo3co"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e2ea0eaee1f43ce2&resid=e2ea0eaee1f43ce2%21129&authkey=afk5vdt49soo3co"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e3ddc3980f743711&resid=e3ddc3980f743711%21795&authkey=aptivsvyk2we5xc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e424d4f4fe44dedf&resid=e424d4f4fe44dedf%21745&authkey=ah1i_jo73zgdxpc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e424d4f4fe44dedf&resid=e424d4f4fe44dedf%21746&authkey=ag1mhwlznwdxpw0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e4b1e1072dc91f5c&resid=e4b1e1072dc91f5c!509&authkey=akmdyqkzcsuf_gg"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e4b1e1072dc91f5c&resid=e4b1e1072dc91f5c!511&authkey=agfs0q7dz7os1lu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e4b1e1072dc91f5c&resid=e4b1e1072dc91f5c%21511&authkey=agfs0q7dz7os1lu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e54ea4e0368d023b&resid=e54ea4e0368d023b%21106&authkey=aozas6g9pm0fzvq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e63b349dc19018ee&resid=e63b349dc19018ee%21113&authkey=aju_g5ycoduadwe"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e790c3d4dd4fa5db&resid=e790c3d4dd4fa5db%21349&authkey=ae9ea8jdsa7vmom"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e790c3d4dd4fa5db&resid=e790c3d4dd4fa5db%21350&authkey=ao-vuexoihzj7da"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e859da0f2c81d5f2&resid=e859da0f2c81d5f2!142&authkey=ais88uad5aom6qu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e859da0f2c81d5f2&resid=e859da0f2c81d5f2%21142&authkey=ais88uad5aom6qu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e97110434470423e&resid=e97110434470423e%21113&authkey=afowclex54if0g0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e9a57719b11feb33&resid=e9a57719b11feb33!1192&authkey=apnhep6fmmxxdkw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=e9a57719b11feb33&resid=e9a57719b11feb33%211192&authkey=apnhep6fmmxxdkw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ead0e1196bd04320&resid=ead0e1196bd04320%211215&authkey=ac1jr_bieufz0ai"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ead0e1196bd04320&resid=ead0e1196bd04320%211219&authkey=akgo75rmvr4khlc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=eb3ceda2c458a6e0&resid=eb3ceda2c458a6e0!335&authkey=aim7sskbl4ejkja"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=eb3ceda2c458a6e0&resid=eb3ceda2c458a6e0%21333&authkey=alu5k1nncsbb7_o"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=eb3ceda2c458a6e0&resid=eb3ceda2c458a6e0%21335&authkey=aim7sskbl4ejkja"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ebacca5dec27fd20&resid=ebacca5dec27fd20%2118735&authkey=ajfyl1mzidnylc8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=edd7401a7180b54c&resid=edd7401a7180b54c%21113&authkey=aovavpmokd2jrns"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=edd7401a7180b54c&resid=edd7401a7180b54c%21116&authkey=aadnj5xyfasugu8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=efdf2c8d834a1928&resid=efdf2c8d834a1928!202&authkey=ah1gjq8j29darw4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=efdf2c8d834a1928&resid=efdf2c8d834a1928!203&authkey=af8xr99mrqp8um8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=efdf2c8d834a1928&resid=efdf2c8d834a1928!204&authkey=ad0nbzlscbg-0sa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=efdf2c8d834a1928&resid=efdf2c8d834a1928%21202&authkey=ah1gjq8j29darw4"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=efdf2c8d834a1928&resid=efdf2c8d834a1928%21203&authkey=af8xr99mrqp8um8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=efdf2c8d834a1928&resid=efdf2c8d834a1928%21204&authkey=ad0nbzlscbg-0sa"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f05e45800a084e63&resid=f05e45800a084e63%21489&authkey=ads_gff3tjkd0w0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f05e45800a084e63&resid=f05e45800a084e63%21490&authkey=aj_rld7xooge6aw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f05e45800a084e63&resid=f05e45800a084e63%21492&authkey=ahdb75ptd1_uc8e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f06038a5f7dbd6d6&resid=f06038a5f7dbd6d6%215498&authkey=aiozi3z5qzdysmu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f0f894044c5f9ac3&resid=f0f894044c5f9ac3%21116&authkey=amgktmf8pgnx-30"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f110325b8d3d1f1b&resid=f110325b8d3d1f1b!120&authkey=akqb-u36jj-_x_8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f110325b8d3d1f1b&resid=f110325b8d3d1f1b!122&authkey=aoe9npvdiskzre0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f110325b8d3d1f1b&resid=f110325b8d3d1f1b!124&authkey=ajkdo5uvuaezl1y"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f110325b8d3d1f1b&resid=f110325b8d3d1f1b!125&authkey=acusqlwgdjvphe8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f110325b8d3d1f1b&resid=f110325b8d3d1f1b%21120&authkey=akqb-u36jj-_x_8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f110325b8d3d1f1b&resid=f110325b8d3d1f1b%21124&authkey=ajkdo5uvuaezl1y"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f110325b8d3d1f1b&resid=f110325b8d3d1f1b%21125&authkey=acusqlwgdjvphe8"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f293cebb54e5ea71&resid=f293cebb54e5ea71%21293&authkey=aha74rsqiuewnpq"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f33b7f3386918ac0&resid=f33b7f3386918ac0!1155&authkey=aasr-vvwptzgq9e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f33b7f3386918ac0&resid=f33b7f3386918ac0%211150&authkey=alsewq8xeufpla0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f40a6c678d20c1eb&resid=f40a6c678d20c1eb%21566&authkey=aevafh7rydhi19k"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f40a6c678d20c1eb&resid=f40a6c678d20c1eb%21581&authkey=agx0b8ho87w4uie"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f40a6c678d20c1eb&resid=f40a6c678d20c1eb%21582&authkey=af-9_xwysl1o7-c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f40a6c678d20c1eb&resid=f40a6c678d20c1eb%21598&authkey=ah-gkc-b7fa8h-g"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f40a6c678d20c1eb&resid=f40a6c678d20c1eb%21599&authkey=aajunhe1ex_-zta"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f79e41c0e32d3314&resid=f79e41c0e32d3314%211182&authkey=aiqtptberyvlgqk&em=2%22"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f7ae097903082806&resid=f7ae097903082806!1368&authkey=anphh1fijhvzv6c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=f7ae097903082806&resid=f7ae097903082806%211368&authkey=anphh1fijhvzv6c"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=fb2177c192eed796&resid=fb2177c192eed796%21124&authkey=abotnmdhu_tg7bc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=fd50774e5ce0e314&resid=fd50774e5ce0e314%21778&authkey=aoxb2vhhz3qodiu"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=fe85161c3947f2c1&resid=fe85161c3947f2c1%211441&authkey=agb6c1ecr91svrw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ff1d187273dfbf73&resid=ff1d187273dfbf73!693&authkey=agcpkhnewfte_yc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ff1d187273dfbf73&resid=ff1d187273dfbf73!694&authkey=aa5jqzjsp0esr1s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ff1d187273dfbf73&resid=ff1d187273dfbf73%21693&authkey=agcpkhnewfte_yc"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ff1d187273dfbf73&resid=ff1d187273dfbf73%21694&authkey=aa5jqzjsp0esr1s"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ffde14d2c0ef634a&resid=ffde14d2c0ef634a%21643&authkey=amuzcawdjv7eg3e"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ffde14d2c0ef634a&resid=ffde14d2c0ef634a%21645&authkey=ann9yoazyxp01a0"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download?cid=ffde14d2c0ef634a&resid=ffde14d2c0ef634a%21646&authkey=anfwqxeoxdegwnw"; endswith; nocase; http.host; content:"onedrive.live.com"; classtype:trojan-activity; sid:100008075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500279229/c4d1ce167d49df4f2206a5fe210b189f/winlocker.exe"; endswith; nocase; http.host; content:"padlet-uploads.storage.googleapis.com"; classtype:trojan-activity; sid:100008076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500279229/dfd16dbfc5b6c3ac5e3468e0929d1973/karlocker_exe.exe"; endswith; nocase; http.host; content:"padlet-uploads.storage.googleapis.com"; classtype:trojan-activity; sid:100008077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500279229/ebc8ef7d87c522e51b4dc3429f48d2db/systemcrasher_bydaniel.exe"; endswith; nocase; http.host; content:"padlet-uploads.storage.googleapis.com"; classtype:trojan-activity; sid:100008078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/4fvypptf"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/4fwgxkzb"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/6ut0pbxt"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/77jhk0iw"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/7yrtvh0j"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/89hkc7wb"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bqhbezhr"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ct99tglf"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/emy1xgpz"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/gkj9jeek"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/gs3l8dwc"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/gudcxzqi"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/j829zaxe"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/myefegtf"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/pxuj2cr6"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/qcu4ppva"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/qjigyejs"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/tzetmw43"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/u59eearf"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/udqsatcz"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ue0cfwm7"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ukdkvfd8"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/vg7m1ser"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/vz0sldw3"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/w97es7cw"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ws7ggjlt"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xxjcr1f2"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/ypjfshky"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/yqvsvlvq"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/zxsp2w7h"; endswith; nocase; http.host; content:"pastebin.com"; classtype:trojan-activity; sid:100008108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/llc/mwcacs65xienqdp/"; endswith; nocase; http.host; content:"pierreconsulting.info"; classtype:trojan-activity; sid:100008109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arntsonl/calc_security_poc/master/dll/calc.dll"; endswith; nocase; http.host; content:"raw.githubusercontent.com"; classtype:trojan-activity; sid:100008110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aztek2/sasxvsy/gh-pages/yho7.svg"; endswith; nocase; http.host; content:"raw.githubusercontent.com"; classtype:trojan-activity; sid:100008111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; endswith; nocase; http.host; content:"raw.githubusercontent.com"; classtype:trojan-activity; sid:100008112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evil-coder66/defendercontrol/main/defendercontrol.exe"; endswith; nocase; http.host; content:"raw.githubusercontent.com"; classtype:trojan-activity; sid:100008113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; endswith; nocase; http.host; content:"raw.githubusercontent.com"; classtype:trojan-activity; sid:100008114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nakayadonati/backend001/main/wiki.txt"; endswith; nocase; http.host; content:"raw.githubusercontent.com"; classtype:trojan-activity; sid:100008115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtek25556/rhti2/gh-pages/90hfnvo69vk2ot.bmp"; endswith; nocase; http.host; content:"raw.githubusercontent.com"; classtype:trojan-activity; sid:100008116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pt/jp/topics/pronounce/assets/hjpro50.exe"; endswith; nocase; http.host; content:"res.hjfile.cn"; classtype:trojan-activity; sid:100008117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/stormqk/dn/stormagent.apk?attredirects=0"; endswith; nocase; http.host; content:"sites.google.com"; classtype:trojan-activity; sid:100008118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inst77player/inst77player_1.0.0.1.exe"; endswith; nocase; http.host; content:"softdl.360tpcdn.com"; classtype:trojan-activity; sid:100008119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aperiam-omnis/doloremque.zip"; endswith; nocase; http.host; content:"souzaircondicionado.com"; classtype:trojan-activity; sid:100008120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aperiam-omnis/eum.zip"; endswith; nocase; http.host; content:"souzaircondicionado.com"; classtype:trojan-activity; sid:100008121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aperiam-omnis/nihil.zip"; endswith; nocase; http.host; content:"souzaircondicionado.com"; classtype:trojan-activity; sid:100008122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/eaa32f64-63e1-4bc5-bc5b-4d488123b1aa/bkaxiflogrcz.dll"; endswith; nocase; http.host; content:"store2.gofile.io"; classtype:trojan-activity; sid:100008123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/66/asynccrypted.exe"; endswith; nocase; http.host; content:"suyashcollegeofnursing.com"; classtype:trojan-activity; sid:100008124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/language/don109/cryptedfile109.exe"; endswith; nocase; http.host; content:"suyashcollegeofnursing.com"; classtype:trojan-activity; sid:100008125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/language/don109/ltd5jpcpqvoh3te.exe"; endswith; nocase; http.host; content:"suyashcollegeofnursing.com"; classtype:trojan-activity; sid:100008126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/language/don163/cryptedfile163.exe"; endswith; nocase; http.host; content:"suyashcollegeofnursing.com"; classtype:trojan-activity; sid:100008127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f/tl/59/14009fb2ab2febe06bfcce235058717c/55.exe"; endswith; nocase; http.host; content:"uplooder.net"; classtype:trojan-activity; sid:100008128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/image/10/b4f750f880a0c089f7ea7989a38e3dee/dll.jpg"; endswith; nocase; http.host; content:"uplooder.net"; classtype:trojan-activity; sid:100008129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gnuboard/data/scan/amowvegfrt9ja/"; endswith; nocase; http.host; content:"vniel.co.kr"; classtype:trojan-activity; sid:100008130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gnuboard/data/scan/fu6jvxzzs46uqlp7l/"; endswith; nocase; http.host; content:"vniel.co.kr"; classtype:trojan-activity; sid:100008131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kolya/.f/root/net.mit.edu/net/user/chris/winnt/mit_agenda2a.doc"; endswith; nocase; http.host; content:"web.mit.edu"; classtype:trojan-activity; sid:100008132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/issues/136_140/flt_shovemydiscoupyourarse.exe"; endswith; nocase; http.host; content:"websound.ru"; classtype:trojan-activity; sid:100008133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/issues/136_140/kb%5efr_ouverture.exe"; endswith; nocase; http.host; content:"websound.ru"; classtype:trojan-activity; sid:100008134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/issues/136_140/kb^fr_ouverture.exe"; endswith; nocase; http.host; content:"websound.ru"; classtype:trojan-activity; sid:100008135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/issues/146_150/bc_memories_from_the_mcp.exe"; endswith; nocase; http.host; content:"websound.ru"; classtype:trojan-activity; sid:100008136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"urlhaus-filter malicious website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/issues/151_155/tidex_-_short_stuff.exe"; endswith; nocase; http.host; content:"websound.ru"; classtype:trojan-activity; sid:100008137; rev:1;)
|